Systems evolve over time, necessitating testing of each new application
you use or every service you add. The security of newly developed
applications can be assured, however, by performing an ESTec code
audit, which looks for evidence of unauthorized or unintended functionality
for the new offering or application, and for any unexpected vulnerabilities
where an intruder might create a failure of the software.
Customer: Canadian Mutual Fund Company
Services: Code Audit
Problem: The mutual fund was preparing to incorporate in its services
an Internet-enabled application. Since the application handled sensitive
information for sales reps in the field, management needed to be
certain that the application was secure before initiating its use
across the client-base.
Solution: An ESTec programmer reviewed the web development company's
new software to determine its safety after installation. ESTec identified
8 places where buffer overflows were not being properly handled.
Any one of these would have made it possible for the intruder to
gain unauthorized access to information stored on the web server.
Results: The software was reconfigured and changes in its code were
made by the developer. The mutual fund has found the changed software
fully functional and has experienced no security loss since initiation.