The following is a case study to illustrate how MacguyverTech can help a business with application and network security. The importance of a third-party review for apps pre-launch cannot be overstated. Third-party reviews help uncover security flaws and enforce best practices in coding and file directories.
The Client:
For over 25 years, HALO®’s mission has been to create simple, innovative products that make safe sleep easier for customers and more comfortable for babies. They help babies sleep safely from birth through toddlerhood.
In addition to the HALO® SleepSack® and HALO® BassiNest, they use a SleepSure smart monitor and app to track four key measures in real time: heart rate, rollover, skin temperature, and movement. The app features custom alerts and monitors data trends to help adjust their environment for more comfortable sleep.
The Case:
The HALO® Sleep App was developed by multiple parties, each responsible for different areas of functionality. HALO® wanted a third-party audit to verify that all application data, both external and internal, was secure and that the involvement of multiple development parties did not pose any security risks.
To this end, HALO® approached MacguyverTech to review their application and network before it was made available to the public. MacguyverTech agreed to perform a Pentest Scan and code review of the HALO® Sleep App to find any potential vulnerabilities.
Analysis:
MacguyverTech used a Pentest Scan, as opposed to a standard Pentest. A standard Pentest is an active exploitation technique in which a simulated attack is performed on a program and/or network, with the goal of using any vulnerabilities found to actively penetrate the target environment and compromise the system.
A Pentest Scan is far less disruptive. MacguyverTech uses both manual and automated processes to scan for vulnerabilities. In this case, the vulnerabilities found were documented (rather than utilized) and presented to HALO®.
Additionally, MacguyverTech performed a code review. A code review is an analysis of the foundational code to ensure that best coding practices are being followed. MacguyverTech checked to see if the HALO® Sleep App was properly organized, with directories and files properly ordered. They also checked to see if private information was properly secured within the program.
Results:
MacguyverTech found opportunities to increase security and improve coding techniques in the HALO® Sleep App pre-launch. These opportunities were presented to HALO® in a comprehensive report, along with suggestions on how to address them. MacguyverTech offered to remediate the findings, but HALO® decided to handle the remediation in-house.
During the remediation process, the HALO® team had questions about the best choices for some of the suggested changes. MacguyverTech worked with the dev team to answer their questions and discuss the best options.
Following remediation, MacguyverTech performed a second test as part of the original agreement, and the results were significantly improved. Commenting was within guidelines, and architecture provided maximum capabilities for long-term growth. The app and network are now secure and available to customers.
For more information about MacguyverTech, visit our home page.
For more information about HALO® Sleep, visit their home page.