Application security testing for Department for Regional Development, Northern Ireland

The Department for Regional Development Northern Ireland

The Department for Regional Development (DRD) was created in 1999 and is one of eleven Northern Ireland Executive Departments. DRD's main responsibilities include regional planning; transportation strategy; ports and public transport; roads and water policy; and providing and maintaining roads.

Background

DRD's Information Systems Unit (ISU) needed to ensure that its web applications were being developed and deployed in a secure manner and decided to conduct a security review of DRD's applications.

Sopra Steria's long track record of delivering similar projects to other public sector clients helped it to win this contract in a competitive tender. Sopra Steria worked closely with the ISU to understand the issues DRD faced and to improve developer awareness around securing web applications. The outcome was the production of a series of reports outlining recommendations for improvement and potential remedial actions.

Solution

Sopra Steria worked closely with DRD NI to assess, test, secure and improve their ISU web applications.

Each application reviewed underwent application penetration testing and a code/design analysis. After the assessment stage Sopra Steria delivered the following to DRD:

  • A summary of recommendations (graded and prioritised) including recommendations on enhancing the ISU's existing coding/design standards
  • Inputs to ISU standards, in particular: code snippets; enhanced coding & design standards (in conjunction with ISU staff); design architecture – best practice guide
  • Presentation material (slides, notes and technical references) to aid education of the ISU development team
  • A detailed response to notified security queries, issues and problems which arose during the course of this project

Benefits

Sopra Steria delivered a solution to DRD on time and on budget, with the following benefits:

  • Increased developer awareness and understanding of the importance of security throughout the application development lifecycle
  • Advice that helped to shape DRD's new application security standards
  • Strong guidance in the development of new security components