Case studies Security and Pen Testing

Security and Pen Testing

Security and Pen Testing
Overview

McKesson Corporation is an American company distributing pharmaceuticals and providing health information technology, medical supplies, and care management tools and products.

Business Need
  • Noticeable decline in product, web application and network vulnerabilities
  • Centralized vulnerability management practices established
  • Secured finished product.
  • Analyze System Dependency attacks and Business Model attacks
  • Corrupt or missing files, third-party components, etc.
  • Input Attacks and Design attacks
Client Situation
  • Structured vulnerability management portal or process
  • Regular tracking of vulnerability and remediation status
  • Dynamic testing plan for regular release
  • Unprotected internal APIs, alternate code paths around security checks
  • Timely execution of vulnerability remediation as per deadlines
Recommended Solution
  • Penetration tests to determine web application and network vulnerabilities.
  • Code Review to detect, validate and remediate vulnerabilities directly with development team
  • Defined risk rating
  • Centralized dashboard to manage vulnerabilities and central task force team for entire activity management
  • Periodic and regular reports
  • SQL injections, buffer overruns, etc.
Results
  • Faulty process validation
  • SQL Injections, buffer overruns
  • Detect and arrange threats
  • Meet monitoring necessities and evade penalties though Pen testing
  • Knew Authentication attacks
  • Automatic Scanning
Tools
  • Nmap
  • Wireshark
  • ZAP
  • Wapiti
  • W3af
  • Aircrack