Our client is one of the largest insurance providers in Singapore. They offer financial solutions to customers through multi-channel distribution networks, and develop and maintain their own internal applications.
The client’s DevOps pipeline covered more than 400 different applications. SCA, SAST, DAST and container scans ran against each of them daily, so with four scan types across 400+ applications the pipeline produced well over 1600 distinct scan results every day.
Taken together, these applications were reporting a huge number of vulnerabilities. The security team, which consisted of just 8 people, was overwhelmed by the sheer volume of data. One tool in particular, Micro Focus Fortify, had reported 1322 vulnerabilities across all of their applications, so many that the security and development teams had begun to suspect the tool itself was faulty.
Locating and resolving so many different vulnerabilities seemed impossible. We were called in to help the client’s security team handle the daily flow of scan results.
400+ applications being developed
1600 new scan results every day
1300+ vulnerabilities found by one tool