VST

Verve Square Technologies
Get In Touch

Security Audit for Bank IT Infrastructure

  • INDTUSTRY

Infrastructure and Construction

Expertise in E2E Testing solutions for construction industry software solutions including use of RPA for sales process.

  • Banking Network Infrastructure
  • Location
  • Security Testing

Infrastructure and Construction

Expertise in E2E Testing solutions for construction industry software solutions including use of RPA for sales process.

CONTEXT

A 100-year-old Indian bank with business worth over 1000 Cr sought to conduct a Network & Core Banking System (CBS) Vulnerability Assessment and Penetration Testing (VAPT). The project included a security audit of servers, systems, and IT infrastructure, following OWASP-10 guidelines for the CBS application, website, and email server. The engagement involved an on-site visit, a thorough review, and the provision of valuable security recommendations across branches and disaster recovery (DC-DR) sites.
View All Case Studies

Challenges

  • Physical security review of multiple branch locations.
  • Ensured compliance with RBI directives and master circulars for data security.
  • Gathering information and scanning services to detect vulnerabilities in networks, systems, and banking applications.
  • Lack of user awareness across various roles in the organization.
  • Testing servers and network devices without disrupting production servers.
  • Audited Asia's largest IBM-powered DC-DR setup for top security standards.

Solution

  • Conducted comprehensive internal and external network/CBS security assessments, ensuring compliance with CIS Benchmarks.
  • Provided secure configuration recommendations for VPNs, which were used by branches connected through the network.
  • Audited customized CBS applications and virtual servers in the testing environment to detect potential vulnerabilities.
  • Manually verified configurations of firewalls, routers, and switches to complement automated tools and ensure robust network security.
  • Used tools such as Burp Suite, Nmap, Nessus, and Metasploit to perform rigorous penetration testing, simulating various attacks on the system.

Value Delivered

  • Recommendations were provided to improve internal and external network/CBS security based on RBI compliance standards and corporate policies.
  • Penetration tests covered a wide range of components, including 22 servers (D.C.-D.R.), 4 VPNs and firewalls, 12 routers and switches, 180 end-user devices, 33 VMware servers, 8 other network devices, and the CBS application.
  • Adhered to OWASP-10 security guidelines to fortify the CBS application.
  • Technical findings from the system audit ensured adherence to RBI compliance standards.
  • Enhanced the security posture of the client’s IT infrastructure, safeguarding systems and client information across the enterprise.
Related Case Studies

Mobile App Test Automation with TDD Telecommunications (Cable) Location Performance Testing CONTEXT Elyments is an India-based mobile application similar to...

Read More

Test Automation with Robot Framework Telecom Location Test Automation CONTEXT Telecom service company in Saudi Arabia that provides mobile and...

Read More

UI & API Test Automation with BDD (Selenium + Java + Cucumber) Financial Services Location Test Automation CONTEXT Wealth Engine...

Read More
View All Case Studies