Case Study: Security in Software Engineering

Overview

A mid-sized financial institution, SecureBank, developed a mobile banking application to provide services such as fund transfers, bill payments, and account management. The app was developed in-house using a rapid Agile development cycle. Within six months of its launch, the application was compromised by a group of cyber attackers.

Problem Statement

Despite using encryption and basic authentication, attackers managed to gain unauthorized access to several customer accounts. This breach resulted in:

- Financial loss to customers and the bank

- Legal liabilities

- Loss of customer trust and reputation damage

Investigation and Findings

A security audit revealed multiple software engineering flaws:

a. Insecure API Endpoints:

- Some API endpoints lacked proper authentication and input validation.

- Attackers used API manipulation tools to forge requests and gain access to user data.

b. Hardcoded Credentials:

- Developer test credentials were left in the production code repository, which was accidentally made public.

c. Lack of Secure Coding Practices:

- SQL queries were constructed with string concatenation, making the app vulnerable to SQL injection attacks.

d. Weak Session Management:

- Sessions did not expire properly, allowing reuse of old session tokens.
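Findings (a) and (c) describe the same defect from two angles: an endpoint that passes attacker-controlled input straight into a concatenated SQL string. The block below is an added example, not code from the case study or from SecureBank: it reproduces the concatenation pattern against a constructed in-memory SQLite table, shows that a classic injection payload returns every account, and puts the hardened form beside it (validate the input shape, then bind it as a query parameter). The table schema, the four-digit account id format, and the sample rows are assumptions made for the illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data standing in for the bank's accounts table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts (id, owner, balance) VALUES (?, ?, ?)",
        [(1001, "alice", 5000), (1002, "bob", 1200), (1003, "carol", 98000)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, account_id):
    """The pattern the audit found: the query is assembled by string concatenation,
    so the caller's input becomes part of the SQL grammar."""
    sql = "SELECT id, owner, balance FROM accounts WHERE id = '" + account_id + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, account_id):
    """Hardened form: reject anything that is not the expected shape (assumed: four
    digits), then pass the value as a bound parameter so it can only ever be data."""
    if not re.fullmatch(r"\d{4}", account_id):
        raise ValueError("invalid account id")
    return conn.execute(
        "SELECT id, owner, balance FROM accounts WHERE id = ?", (int(account_id),)
    ).fetchall()


def demo():
    """Run both lookups with a constructed injection payload and a legitimate id."""
    conn = make_db()
    payload = "1001' OR '1'='1"          # turns the WHERE clause into a tautology
    leaked = lookup_vulnerable(conn, payload)   # every row comes back
    try:
        lookup_safe(conn, payload)
        blocked = False
    except ValueError:
        blocked = True                   # validation stops the payload before the DB
    legit = lookup_safe(conn, "1002")    # the parameterised query still works normally
    return len(leaked), blocked, legit


if __name__ == "__main__":
    print(demo())
```

The parameter binding is what removes the injection; the regex is defence in depth and also gives the endpoint a clear failure mode for malformed ids instead of a database error. Either control alone would have blocked this particular payload, but only binding protects against inputs that pass validation yet still contain quote characters.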

Root Cause Analysis

The development team was under pressure to deliver quickly and had not followed secure software development life cycle (SSDLC) practices. Security testing and code reviews were minimal. There was no dedicated security expert in the team.

Mitigation and Solution

To recover and prevent future incidents, SecureBank implemented the following:

- Adopted Secure SDLC Practices: Integrated threat modeling, code review, and penetration testing in each phase.

- Used OAuth 2.0 and Strong Authentication: Replaced basic authentication with token-based security.

- Implemented Secure Coding Guidelines: Enforced OWASP guidelines for all developers.

- Improved Logging and Monitoring: Real-time monitoring to detect unusual activity.

- Security Training: Conducted workshops for developers on secure coding and common vulnerabilities.
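Finding (d) (sessions that never expired, so old tokens could be replayed) and the move to token-based authentication above share one underlying requirement: the server must be able to decide, on every request, whether a presented token is still valid. The block below is an added example, not SecureBank's code and not an OAuth 2.0 implementation: it is a minimal server-side bearer-token session store with a hard time-to-live and explicit revocation, plus an endpoint handler that refuses any request without a live token. The fifteen-minute TTL, the header format, the injectable clock, and the balance table are assumptions made for the illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 15 * 60  # seconds; assumed short-lived window for a banking session


class SessionStore:
    """Server-side sessions keyed by a hash of the bearer token.

    `now` is injectable so expiry can be exercised without sleeping."""

    def __init__(self, ttl=SESSION_TTL, now=time.time):
        self.ttl = ttl
        self.now = now
        self._sessions = {}  # sha256(token) -> (user, expires_at)

    @staticmethod
    def _key(token):
        # Store only a hash: a leaked store does not yield replayable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user):
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._sessions[self._key(token)] = (user, self.now() + self.ttl)
        return token

    def validate(self, token):
        """Return the user for a live token, or None if unknown, revoked or expired."""
        key = self._key(token)
        rec = self._sessions.get(key)
        if rec is None:
            return None
        user, expires_at = rec
        if self.now() >= expires_at:
            del self._sessions[key]  # expired tokens are forgotten, not kept around
            return None
        return user

    def revoke(self, token):
        """Logout: the token must stop working immediately, not at its natural expiry."""
        self._sessions.pop(self._key(token), None)


def get_balance(store, headers, balances):
    """Endpoint handler: every request must carry a valid, unexpired bearer token."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "missing token"}
    user = store.validate(auth[len("Bearer "):])
    if user is None:
        return 401, {"error": "invalid or expired token"}
    return 200, {"user": user, "balance": balances[user]}


def demo():
    """Exercise fresh, logged-out, expired and anonymous requests with a fake clock."""
    clock = [1_700_000_000.0]
    store = SessionStore(ttl=SESSION_TTL, now=lambda: clock[0])
    balances = {"alice": 5000}  # constructed sample data

    tok = store.create("alice")
    fresh = get_balance(store, {"Authorization": "Bearer " + tok}, balances)[0]

    store.revoke(tok)  # user logs out; replaying the old token must now fail
    after_logout = get_balance(store, {"Authorization": "Bearer " + tok}, balances)[0]

    tok2 = store.create("alice")
    clock[0] += SESSION_TTL + 1  # idle past the TTL
    stale = get_balance(store, {"Authorization": "Bearer " + tok2}, balances)[0]

    anon = get_balance(store, {}, balances)[0]  # the unauthenticated-endpoint finding
    return fresh, after_logout, stale, anon


if __name__ == "__main__":
    print(demo())
```

The two properties the audit found missing are both enforced in `validate`: a token has a server-side expiry that is checked on every call, and revocation removes it outright, so neither an old token nor a logged-out one can be reused. A self-contained signed token (for example a JWT issued by an OAuth 2.0 authorization server) moves the expiry check into the token's claims, but still needs a revocation path such as a short lifetime plus refresh tokens.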

Outcome

Within 3 months, SecureBank relaunched the app with improved security. No major breaches occurred afterward, and customer trust was gradually restored.

Key Takeaways

- Security must be integrated from the beginning of software development.

- Regular security audits and code reviews are essential.

- Developer training in security best practices can prevent common vulnerabilities.

- Rushed development often overlooks critical security aspects.
