
Application security testing boosts leading retailer’s security maturity

Certus Cybersecurity was retained by a Fortune 500 retailer to provide a range of product security testing services including architecture risk analysis, source code review and penetration testing.

At a Glance: Certus Cybersecurity was engaged by one of the largest companies in the world by market capitalization to provide dedicated, on-site information security services to Client on a long-term basis.

Services Provided: Certus Cybersecurity provides the services of its employees to work on-site at Client and provide software security testing and code review support services. The scope of security testing services includes but is not limited to penetration testing of various web application endpoints, Android devices and applications, IoT devices, Bluetooth Low Energy and other security testing services as requested by Client. Certus Cybersecurity performs security code reviews for code mostly written in Java and C, along with other languages, and assists with architecture design reviews and threat modeling.

Results:

  • Identification of three critical severity vulnerabilities impacting client assets within the first 60 days of the engagement. Our findings included a critical issue in the backend APIs that handle certificates used to encrypt payment. These issues were identified through penetration testing.
  • Identification of numerous high and medium severity vulnerabilities in the MQTT workflow that subscribes to various payment-related topics. These issues were identified through penetration testing.
  • Effectively mitigated a mutual TLS certificate issue through partnership with the Client’s development team.
  • Identification of architectural flaws in the way file-based encryption was implemented on a proprietary Client device. These issues were identified through architectural risk analysis.
