The objective of the customer was to implement a QE Strategy with central emphasis on ensuring security of the information. To achieve this, they reached out to Gemini to design automation frameworks and process that could be integrated into all phases of development lifecycle. The goal was to ensure adherence to the highest levels of security requirements throughout the project's lifecycle.

The customer is one of the largest investment management firms providing solutions to institutions, financial professionals, and millions of individuals worldwide.

• Building an automation solution that is centered around security testing.
• Integration of automated security verification and validation solution into CICD pipeline.
• Building an automated solution that supports every development environment and follows every industry standard such as OWASP Top 10, CWE Top 25.
• Automated analysis of security process, minimizing the occurrence of false positives and thus saving time for manual verification.
• Implementation of secret management checks at every layer of security inspection process, thereby ensuring secrets are safe from unauthorized and unwanted access.

Gemini QE team designed and implemented automated security verification and validation solution as described below:

• Implementing and adopting test automation solution for APIs to cover functionality, but also achieve better coverage around security testing.
• Implementation of solution for SAST (Security Analysis Security Testing) with Secret Management check across their entire codebase, with business logic present.
• Implementation of solution for DAST (Dynamic application security Testing) with Secret Management check across internal and external applications.
• Integration of Security Test Execution and Analysis into CI-CD pipeline
• Implementation of Automated Reporting Generation Process that will analyse, vulnerabilities and share results with respective stakeholders.

Implementation of Automated Security Testing Solution has helped client achieving:

• Compliance towards security standards set by OWASP Top 10 and CWE Top 25.
• Discovering security loopholes in coding practices and vulnerabilities in third party dependency libraries early in the development cycle, thereby reducing refactoring efforts considerably.
• Enabling automated code reviews from security perspective, thereby standardizing coding approach across organization, and improving security policies.
• Reduction in overall testing effort and improvement in overall testing execution cycle.