Our client is a major online higher education platform based in India. They offer advanced online learning programs and degrees from several reputed universities around the world. To facilitate this, they maintain a constantly changing web-based platform that more than 20,000 students access on a regular basis.
The client’s development team was working on 4 separate applications simultaneously. Our security team began by performing vulnerability assessment and penetration testing (VAPT) on their platform, followed by security automation. We ran vulnerability scans on each of the 4 applications, a total of 16 scans every week. When we sent the results to Orchestron for processing, we found 16 open vulnerabilities.
Orchestron’s correlation system organises each vulnerability according to its attributes, including whether the result is a false positive. Our team immediately noticed that 12 of these 16 results were marked as false positives. One week later, we still found the same false positives on Orchestron’s dashboard.
75% of the client’s vulnerabilities were false positives. Without the context that Orchestron provided for these vulnerabilities, the client’s small development team would have spent hours remediating vulnerabilities that were inconsequential.
4 applications being developed
16 new scan results every week
12 false positives discovered