Case Study: Non-Profit Company Secures Its Insurance Mobile App with SoftServe

A SoftServe Case Study

Preview of the Non-Profit Company Case Study

Security Audit of an Insurance Mobile Application

Non-Profit Company, a health-focused non-profit serving millions of members and tens of thousands of physicians, needed to secure a newly developed mobile insurance application before production. To meet its SDLC requirements and reduce risks such as unauthorized backend access, password brute forcing, and exposure of hardcoded values, it engaged SoftServe for an independent third-party security audit of the Kony hybrid mobile app.

SoftServe performed a one-week white-box security assessment, including dynamic analysis on Android and iOS plus static code review, and identified issues such as limited cryptography, hardcoded credentials, weak password-change logic, backend security gaps, and sensitive data artifacts. SoftServe then delivered detailed remediation guidance to the development team, helping the company fix critical vulnerabilities, release the app on schedule, and better protect sensitive client data while helping avoid potential HIPAA penalties of up to $1.5 million per incident.

