Product security 
Multi-factor Authentication 
Secured SDLC 
Auditing and Monitoring Problem statement
As a security consultant, RSK Business Solution provided the SDG IQ tool with end to end product security in secured SDLC fashion.
- They aimed to track their client's status to check how their business is performing against the Sustainable Development Goals laid by the UN.
- To provide the users with a comprehensive overview of their direct, upstream, and downstream operations in relation to becoming a sustainable business and having a positive impact on the environment, society, and economy.
- With a publicly facing application they are more concerned about security.
How we have solved it?
RSK Business solution provided Nature Positive with the holistic approach which includes:
- An integrated security controls on the architecture
- Threat modelling to identify design short comings on the early stages
- A Secured Code Review
- Static Application Analysis
- Software Composition Analysis
- And Penetration testing
Approaches we use to solve?
We have used two approaches to make sure of the ultimate product security for their online data:
- Grey box Testing
- White box testing
What are the mitigations and remediations?
- As Security Consultant, we have suggested to run and pass the entire Development Process through Vulnerability Assessment Penetration Testing
- Analysis of the information from public resources
- Strengthen an additional layer of encryption to deal with external communications
- Vulnerability Assessment in all terms gives us the doorways to discover potential targets web and application servers with the use of known automated tools.
Tools used:
Nmap, Nikto, OpenVAS, Burp Suite Pro, Metasploit, , sqlmap, XSpider, ZAProxy and many more.
