Customer Stories | Financial Asset Market Company

Strengthening security in the financial market: how our client enhanced their operations protection with Conviso

Pentest

About the clientChallengeSolutionResultDownload PDFContact

About the client

Financial Asset Market Company
+80 employees
+20 developers

The client is a benchmark in technology for the electronic trading of financial assets, with a significant presence in major exchanges across Latin America and the United States.

Headquartered in Rio de Janeiro and São Paulo, the company provides an advanced platform for the fast and precise execution of trading orders. With over 280 end clients and 37 brokerage partners, it is recognized for its neutrality, cutting-edge technology, and customized solutions.

Destaques

18
treinamentos aplicados

63
desenvolvedores treinados

+ 200
requisitos de segurança implementados

Challenge

In-depth analysis while maintaining complete visibility

The company's Chief Information Security Officer (CISO) identified the need for a deeper security analysis of its applications and critical environments for its operations on the Stock Exchange. After testing with another provider, the company hired Conviso for our specialized focus on application security.

Given the systems' importance and sensitivity, the goal was to gain detailed visibility into vulnerabilities in applications and environments.

Solution

Comprehensive approach to vulnerable environments

To address the proposed challenges, we adopted a comprehensive approach that combined our Web, Mobile, and Network Pentest solutions, enabling a thorough analysis of vulnerabilities within the company's environment.

In the Web Pentest, we conducted many tests covering everything from the OWASP Top 10 to more specific vulnerabilities.

For the Mobile Pentest, we followed a methodology based on the MASTG that focused on identifying flaws in mobile architecture.

In the Network Pentest, we conducted tests to identify vulnerabilities in the company's internal network, covering everything from weaknesses in standard internal services to vulnerabilities in Active Directory.

Result

Enhanced protection and integrity of operations

The analysis revealed a complex and highly sensitive environment, including an internal network, a web environment, and a mobile application, all of which significantly impact the business. The detailed assessments allowed the client to take essential corrective actions to strengthen their security and protect their operations on the Stock Exchange.

The partnership with Conviso significantly enhanced the company's security posture by addressing the identified critical vulnerabilities.

Through detailed analysis and customized solutions, we provided an additional layer of protection crucial for the integrity and continuity of the company's operations in the competitive financial market.
With Conviso, the client mitigated risks and established a solid foundation to face future security challenges.

Cultura de Segurança:

Através da capacitação dos profissionais envolvidos no desenvolvimento, a segurança se tornou uma prioridade essencial em todas as etapas do ciclo de desenvolvimento.

Redução de custos:

A inserção da segurança nas fases iniciais do processo de desenvolvimento de software resultou em uma significativa redução dos custos associados ao retrabalho e aos testes pontuais.

Pentests mais abrangentes:

A colaboração entre a equipe da Stix e os recursos da Conviso enriqueceu os pentests, proporcionando uma compreensão mais profunda das vulnerabilidades e dos possíveis cenários de ataques e fraudes.

Melhor gestão de vulnerabilidades:

A Conviso Platform, juntamente com a comunicação com os analistas da Conviso, possibilitou uma gestão completa das vulnerabilidades, pautada no gerenciamento de riscos e de maneira contextualizada. Isso resultou em maior agilidade e precisão nas correções implementadas.

See how Conviso's Pentest can help you with comprehensive vulnerability assessments

Discover