
Outsourced developers of a financial institution detected exposing a financial app's source code and the company's IP.

A bank had a long-term development contract with a company in India to develop a core banking application. The company was well-certified, including ISO 27001, and regularly trained its developers on cybersecurity risks and data handling. They also employed technologies to prevent data exfiltration, including blocking file uploads via browsers.

As part of its standard Cyber Security Assurance process, the bank used GuardWare ASSESSOR for a deep-dive analysis of how the firm managed its source code and data. GuardWare ASSESSOR, with its unique ability to monitor source code, discovered that developers were accessing development forums, a common practice for troubleshooting.

However, to everyone’s alarm, it also detected that developers were posting source code from the core banking application on these forums, seeking help for specific issues.

The discovery was alarming. Although the firm promptly blocked all forum access, the damage was already done. Some of the exposed code was related to the live production application, raising serious security risks. 

As a result, the bank had to engage a third-party secure code assessment firm to revalidate the application’s security and hire a specialist cybersecurity firm to monitor the application during its redevelopment to prevent any misuse of the exposed code.

To avoid future issues, the third-party firm now uses GuardWare INSIGHT to monitor developer activities. With INSIGHT, they can safely re-enable forum access, confident that any unauthorized source code postings will be promptly detected and addressed.
