Litigation Services Corporation – Cyber Security Assessment
The litigation services corporation offers expert court reporting, real-time and Internet deposition, and specialized medical records retrieval services for workers' compensation cases, plaintiff and defense counsel, corporations, and insurance companies worldwide. Through their patented technology platform, they have connected thousands of attorneys to depositions all over the world. The platform has grown rapidly and is used by thousands of customers globally.
Being in the legal space and having access to millions of confidential records, security and vulnerability are critical to the 800 million dollar organization. The Chief Technology Officer wanted a technology partner to perform a vulnerability assessment of their patented technology platform and was looking for an expert to help them identify cyber-security risks, improve the technology architecture, and suggest remediation and mitigation strategies to safeguard data and the technology platform. The assessment included static software analysis and software composition analysis to find vulnerabilities within the application code base.
The goal of the technology leadership was very clear: identify its cyber weaknesses and strengths and develop an appropriate roadmap to prioritize and resolve them. The security assessment would allow the leadership team to take a good look at how the business would fare in the event of a cyberattack and the potential impact to the business. Security remains a key focus for the organization for their flagship application, and this assessment would help them create a roadmap for upcoming changes as well.
How Agile Brains assisted
The CTO engaged the Agile Brains team for the security and vulnerability assessment of the key application. In a short span of 4 weeks, the team was able to complete the static code and code composition analysis. Utilizing the OWASP Top 10 method, we were able to appropriately name and categorize the security vulnerabilities. We were also able to use the Common Vulnerability Scoring System (CVSS) v3.0 to rate the severity of the security vulnerabilities in the application.
The assessment focused on four key areas:
Availability health: Capability of the system to maintain information available to the users. Attackers compromise a system's availability when they impersonate its components to provide
Confidentiality health: Capability of the system to maintain certain characteristics of specific data available only to particular users. Attackers compromise the system's confidentiality when they steal confidential information.
Integrity health: Capability of the system to maintain the data in an expected state. For example, if the system receives a number and adds five to it, the system must always have the original number plus five and no other data type than a number.
Global health: Overall capability of the system to maintain availability, confidentiality, and integrity of data.
Agile Brains provided an overall health assessment score for the platform to serve as a baseline for the technology division.
Business Value Delivered
Post assessment, the technology leadership team asked the Agile Brains team to fix the vulnerabilities based on our recommendations and create a set of guidelines and best practices to improve code excellence and delivery.
Fixed 18 critical security vulnerabilities within the first two weeks of engagement, including multiple code-injection risks
Removed all 26 high issues within the application as part of the first phase, with a focus on jQuery, Bootstrap and information leakage
Performed the analysis for the collections component and fixed 33 risks related to cross-site AJAX
Identified and prioritized over 48 risks on utilizing latest jQuery, AJAX and Bootstrap components
Created the best practices template for the technology team for all future software delivery
Leadership and management teams were amazed to see a 70 percent increase in the overall health score of the application
Based on the tremendous success of the assessment, Agile Brains was asked to evaluate 8 more applications and improve the cyber security capabilities within the organization.