Security Audit and Risk Assessment Case Study-2

As one of America’s largest essential health-care systems, our client provides treatment and services to nearly 1 million outpatient visitors each year. For more than 157 years, our client has offered high-quality, cost-effective and patient-focused health care to the residents of Marion County and Central Indiana.

Our Role

STLogics’ consultants completed a Security Audit and Risk Assessment for the Client. Key highlights of the security assessment are as follows:

  • Functional mapping of the entire website, with every detail about the URLs and the parameters that are passed. Special attention was given to areas that involved PHI.
  • Test cases were created based on the application mapping.
  • Automated scans (including manual browsing and spidering of the application) using various open-source and in-house developed scanners.
  • Test case verification by manually confirming each of the potential test cases identified above.
  • Vulnerability correlation (manual and automated).

Once the first cycle of the engagement was completed and vulnerabilities were identified in the Client’s application, the consultants leveraged the known vulnerabilities to further penetrate the Client’s application architecture and identify the true impact of the vulnerabilities.


The reports and remediation information provided were customized to match the Client’s operational environment and development framework. The following reports were submitted to the customer:

  • Executive Presentation: Overview of the entire engagement, the vulnerabilities discovered and the recommendations made to mitigate the threats identified on the Client’s websites.
  • Detailed Technical Report: Comprehensive information, proof-of-concept examples and detailed exploitation instructions for all the threats identified.
  • Excel Tracker: Simple and comprehensive vulnerability tracker aimed at helping the IT asset owner keep track of the vulnerabilities, remediation status, action items, etc.