Case Study: MetaOptima Enhances Security Practices through a Web Application Assessment
MetaOptima and its intelligent dermatology and skin analytics platform, DermEngine, offer users fast and accurate dermatology care. Headquartered in Vancouver, Canada, MetaOptima was founded in 2012 by CEO Maryam Sadeghi and CTO Majid Razmara. Over the last decade they have built several tools contributing to better healthcare outcomes for their user base and have continued to make the world a better place for patients, doctors and businesses in the process.
The Testing Process - Investing in Security Posture
As an organization that stores sensitive medical data, MetaOptima is heavily focused on locking down its systems and investing in its security posture. MetaOptima partnered with Echelon Risk + Cyber to simulate an adversarial attack on its DermEngine web application, to help ensure the application is functioning at its most secure level.
The Echelon team performed a penetration test of DermEngine. Using a proxy tool, the team manually performed several advanced test cases within the application, analyzed the web traffic requests issued throughout it, and attempted to manipulate data sent to the server. Through this emulated attack scenario, the Echelon team was able to make several findings and assist MetaOptima in resolving them.
The goal of this type of testing is to discover flaws in the web application before hackers do. Additionally, the team ran an industry-leading automated scanner to help cover the application’s breadth thoroughly. The entire testing process took approximately two weeks to complete.
The Outcome – Security Resolutions Reached Quickly
After receiving the results of the test, MetaOptima was able to make immediate improvements to their application. The detailed report and open collaboration allowed for clear and precise resolutions to be reached quickly.
“Working with Echelon was a smooth and transparent process,” Parminder Benipal, Director of Technology at MetaOptima, said. “Their team of talented testers were quick to respond and provided an in-depth assessment of our application’s security. We are looking forward to working with them again in the future.”
The end result of the penetration test allowed for security improvements in the following areas:
- User Account Security
- Endpoint Authorization
- Input Sanitization
The testing of MetaOptima’s DermEngine web application allowed for the enhancement of the platform’s security, along with the implementation of future secure coding practices.