Strengthening Application Security and Vulnerability Management

Futurwork, a fast-growing tech consulting agency, is partnering with BNP Paribas Fortis to enhance their application security and vulnerability management processes. The project aims to address the evolving landscape of distributed (Java/Mobile) development technologies and tools by leveraging the expertise of an Application Security Expert. With a focus on strong organizational and analytical skills, the goal is to fortify BNP Paribas Fortis' security posture, proactively identify and mitigate vulnerabilities, and ensure secure development practices across the organization.

‍

Context

BNP Paribas Fortis faced challenges in effectively managing application security and vulnerability risks. The rapidly evolving landscape of distributed (Java/Mobile) development technologies and tools posed significant threats to their digital infrastructure. The organization recognized the need for specialized expertise to enhance their security measures and protect critical assets from emerging threats.

‍

Technologies

The project encompasses a range of technologies and tools commonly used in application security and vulnerability management. These include:

1. Programming Languages and Technologies: Java, Mobile (iOS, Android)
2. Development and Deployment Tools: Jenkins, GitLab, Maven, Docker
3. Security Testing Tools: Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST)
4. Secure Development Best Practices: Secure coding, penetration testing, network security, mobile application security

Futurwork's Role and Contributions

Futurwork's team of Application Security Experts took charge of the project, working closely with BNP Paribas Fortis to deliver impactful solutions. Their mission encompassed proactive problem identification, solution implementation, secure development support, and infrastructure management. The team collaborated with IT development squads, provided training sessions, conducted security assessments, and offered ongoing support to address vulnerabilities and incidents.

Successful Project Delivery

Thanks to the concerted efforts of Futurwork and BNP Paribas Fortis, the project was successfully delivered, resulting in significant improvements in application security and vulnerability management. The key outcomes and achievements include:

1. Enhanced Security Posture: The project successfully fortified BNP Paribas Fortis' security posture by addressing existing vulnerabilities and implementing robust security measures. The customized application security framework provided a comprehensive set of policies, procedures, and guidelines to ensure secure development practices across the organization.
2. Mitigation of Risks: Through proactive problem identification and solution implementation, the project effectively mitigated risks associated with application security and vulnerability management. Vulnerabilities were promptly identified, and appropriate measures were taken to remediate them, minimizing potential risks to critical assets.
3. Adoption of Secure Development Practices: The project's focus on secure development practices and SecDevOps methodologies led to the successful adoption of these practices by the IT development squads at BNP Paribas Fortis. Training sessions and coaching provided by the Application Security Experts helped teams incorporate secure coding practices into their development lifecycle.
4. Streamlined Vulnerability Management: The project improved the technical infrastructure supporting automatic code reviews and open-source library evaluations. By optimizing security testing tools and processes, vulnerability management became more streamlined, enabling efficient execution of security checks and timely resolution of defects and vulnerabilities.
5. Sustainable Security Measures: Futurwork's collaboration with BNP Paribas Fortis ensured the implementation of sustainable security measures. The project's three-year contract duration allowed for comprehensive analysis, solution implementation, and continuous improvement of application security practices, ensuring long-term protection against evolving threats.

Key Figures:

• 3 ETP - Application Security Expert
• Contract Duration: 01/2021 till 03/2023
• Budget - Around 350K€