The client is a leading provider of risk, compliance management and analytical solutions for the financial services industry. They have more than a decade of experience in solving complex risk and compliance issues in major banks and financial services organisations across the world.
They reached out to the Orchestron team to help them build applications that were secure from the ground up. The client’s development team were building their applications primarily in Java, while our team was using Find Security Bugs, a tool natively integrated with Orchestron.
The first thing our security team did was to run a complete SAST scan on the source code for all the applications.
After our initial round of scans, we correlated the vulnerability data in Orchestron. The client’s applications were riddled with over 150 source code bugs.
Under ordinary circumstances, a development team of their size would typically spend 8 hours every day fixing SAST vulnerabilities, which would severely slow down the pace of development and delay new releases by days, if not weeks.
150 source code bugs found
8 man-hours fixing bugs every day
7 unique metadata categories