Contrast Security Case Studies Enhancing Application Security in Banking through Agile and DevOps Integration

Edit This Case Study Record

	Enhancing Application Security in Banking through Agile and DevOps Integration Contrast Security

Enhancing Application Security in Banking through Agile and DevOps Integration

Contrast Security

Technology Category	Cybersecurity & Privacy - Application Security Platform as a Service (PaaS) - Application Development Platforms
Applicable Industries	Finance & Insurance National Security & Defense
Applicable Functions	Product Research & Development Quality Assurance
Use Cases	Experimentation Automation Tamper Detection
Services	Testing & Certification Training
Challenge	One of the world's top 10 banks was undergoing a digital transformation to streamline its domestic and international business. The bank, with over 1,000 branches worldwide, 5,000 ATMs, over 50,000 employees, and millions of customers, was facing challenges in integrating security into its software development process. The bank's Application Security (AppSec) team had been relying on static tools to ensure the security of the software they developed in-house. However, changes in technology and the evolving threat landscape necessitated a more robust, automated AppSec testing solution. The bank was also rapidly moving towards using microservices for its platforms, which were used across multiple business units. The bank's software had been developed and released at an increasingly rapid pace since the development team had combined Agile sprints with DevOps methodologies. This fast-paced rollout of software introduced potential vulnerabilities and greater business risk. The bank's current AppSec tools and processes were found to be inadequate in addressing these issues, causing code release delays, scalability concerns, manual testing delays in development, and time-consuming developer training and education. Read More
About Customer	The customer is one of the 10 largest banks in the world, undergoing a process of digital transformation to streamline its domestic and international business. The bank provides a fully integrated suite of financial products and services, including retail, business and institutional banking, funds management, insurance, investment and brokerage services. It operates more than 1,000 branches worldwide, 5,000 ATMs, and employs over 50,000 people. The bank serves millions of customers and is known for delivering seamless customer experiences in smart and innovative ways. It has a reputation for excellent customer service and leadership. As part of its growth strategy, the bank recognized the need to effectively navigate the rapid business and digital transformations taking place. Read More
Solution	The bank adopted Contrast Assess to augment application security testing quickly and effectively. This solution enabled the bank to 'shift security to the left' and integrate it early in the Software Development Life Cycle (SDLC). Contrast Assess provided highly accurate results for developers without the dependence on experts for triage. It seamlessly integrated into the bank's Agile and DevOps SDLC processes, enhancing their current security posture. The bank also used Contrast Assess to supplement its penetration testing, primarily focused on their major platforms. Results from Contrast's centralized management dashboard were shared with internal 'Red Teams' and penetration testers, highlighting key vulnerabilities and providing swift remediation. This approach reduced the time for penetration testing by about 50% and optimized resources required to conduct these tests. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Application Security

Platform as a Service (PaaS) - Application Development Platforms

Applicable Industries

Finance & Insurance

National Security & Defense

Applicable Functions

Product Research & Development

Quality Assurance

Use Cases

Experimentation Automation

Tamper Detection

Services

Testing & Certification

Training

Challenge

One of the world's top 10 banks was undergoing a digital transformation to streamline its domestic and international business. The bank, with over 1,000 branches worldwide, 5,000 ATMs, over 50,000 employees, and millions of customers, was facing challenges in integrating security into its software development process. The bank's Application Security (AppSec) team had been relying on static tools to ensure the security of the software they developed in-house. However, changes in technology and the evolving threat landscape necessitated a more robust, automated AppSec testing solution. The bank was also rapidly moving towards using microservices for its platforms, which were used across multiple business units. The bank's software had been developed and released at an increasingly rapid pace since the development team had combined Agile sprints with DevOps methodologies. This fast-paced rollout of software introduced potential vulnerabilities and greater business risk. The bank's current AppSec tools and processes were found to be inadequate in addressing these issues, causing code release delays, scalability concerns, manual testing delays in development, and time-consuming developer training and education.

About Customer

The customer is one of the 10 largest banks in the world, undergoing a process of digital transformation to streamline its domestic and international business. The bank provides a fully integrated suite of financial products and services, including retail, business and institutional banking, funds management, insurance, investment and brokerage services. It operates more than 1,000 branches worldwide, 5,000 ATMs, and employs over 50,000 people. The bank serves millions of customers and is known for delivering seamless customer experiences in smart and innovative ways. It has a reputation for excellent customer service and leadership. As part of its growth strategy, the bank recognized the need to effectively navigate the rapid business and digital transformations taking place.

Solution

The bank adopted Contrast Assess to augment application security testing quickly and effectively. This solution enabled the bank to 'shift security to the left' and integrate it early in the Software Development Life Cycle (SDLC). Contrast Assess provided highly accurate results for developers without the dependence on experts for triage. It seamlessly integrated into the bank's Agile and DevOps SDLC processes, enhancing their current security posture. The bank also used Contrast Assess to supplement its penetration testing, primarily focused on their major platforms. Results from Contrast's centralized management dashboard were shared with internal 'Red Teams' and penetration testers, highlighting key vulnerabilities and providing swift remediation. This approach reduced the time for penetration testing by about 50% and optimized resources required to conduct these tests.

Impact #1	The implementation of Contrast Assess has significantly improved the bank's operational processes. The solution has empowered developers with tools to create secure code, thereby increasing their productivity. It has also enabled the bank to deliver accurate, continuous vulnerability detection and attack protection. The bank has been able to improve its development operational processes and reduce overall AppSec testing costs. The solution has also enabled the bank to accelerate its software time-to-market. By merging security with quality coding, the bank has increased the quality of its code and the overall performance of its developers. The bank has successfully implemented a continuous and efficient way to roll out secure code, enabling it to remain highly agile, develop quality code while mitigating software risk.

Impact #1

The implementation of Contrast Assess has significantly improved the bank's operational processes. The solution has empowered developers with tools to create secure code, thereby increasing their productivity. It has also enabled the bank to deliver accurate, continuous vulnerability detection and attack protection. The bank has been able to improve its development operational processes and reduce overall AppSec testing costs. The solution has also enabled the bank to accelerate its software time-to-market. By merging security with quality coding, the bank has increased the quality of its code and the overall performance of its developers. The bank has successfully implemented a continuous and efficient way to roll out secure code, enabling it to remain highly agile, develop quality code while mitigating software risk.

Benefit #1	Reduced time to conduct penetration testing by 50%
Benefit #2	Optimized resources required for penetration testing
Benefit #3	Increased developers’ productivity

Benefit #1

Reduced time to conduct penetration testing by 50%

Benefit #2

Optimized resources required for penetration testing

Benefit #3

Increased developers’ productivity

Download PDF Version

Overview

Enhancing Application Security in Banking through Agile and DevOps Integration

Operational Impact

Quantitative Benefit