The client is a fast-growing private sector retail bank. Ensuring security of banking transactions and customer privacy has been a norm for the bank since its inception. The top management at the bank is committed to inculcate security in all forms in the DNA of the organization. While many projects had been implemented for increasing the information security level in the past, the bank felt the need to look at the future scenario and prepare itself ahead of time to manage information security in a comprehensive manner. Therefore a new security project was undertaken in February 2007.

The client is a $10 billion bank, having won several international accolades for business excellence and was one of the first banks in Asia to offer an online banking service.

Information Security has always been a top priority for the bank. In 2007, the Top Management of the bank mandated that all applications be reviewed for security within the next 18 months. With 800+ applications, and two new applications launched every week, that was an ambitious goal. This case study summarizes the systems and processes we put in place to meet that goal.

The client we refer to in this 'success story' is one of India's leading public sector banks. The bank recently launched a centralized banking solution through which their branches and automatic teller machines, spread across the country, are networked.

We were assigned to do the internal security audit of the organization's core banking and Internet banking architecture in accordance with the criteria laid down by regulators at the Reserve Bank of India. In addition to auditing the resources at the bank, we were also asked to do a functionality and security audit of the client's core banking application. The assignment provided us with an opportunity to take a close look at a leading banking application used by huge banks worldwide.

Our customer is a leading CMM Level 5-certified software development enterprise. When it was engaged by a Fortune 500 company to develop a custom application, security was a major concern. The software organization approached Paladion to provide the necessary security control and safety measures.

We worked with the development team from the requirement analysis stage to the project signoff by the customer.

This case study provides an overview of the operations carried out by our penetration testing red berets for one of our customers. Our client, a Fortune 500 financial services company, needed to conduct a rigorous penetration test of its network before launching a slew of new services.

Our penetration team members have these advantages - favorable technical skills — rich experience with financial-services applications and outstanding credentials in penetration testing and favorable personality traits — ability to think creatively and laterally; tenacity and patience.