Client
A development team within NHS England & Improvements / NHS-X engaged Prism Infosec to perform a comprehensive security assessment of a key web application in development. The engagement included reviewing the application code as well as the supporting Azure and Office 365 configurations.
Challenge
The client needed assurance that the application—designed to handle personal data—was secure against common web vulnerabilities and misconfigurations. The primary concerns were the potential for user compromise, data leakage, and weaknesses in the application’s business logic and cloud infrastructure.
Solution
Prism Infosec carried out an in-depth web application penetration test, focusing on issues outlined in the OWASP Top 10 framework, such as injection flaws, cross-site scripting, broken authentication, and insecure session handling. A secure code review was also conducted to identify flaws not visible through front-end testing. In parallel, the Azure and Office 365 environments were assessed to evaluate access controls, platform management practices, and risks of unauthorised access or information disclosure. Throughout the engagement, Prism Infosec provided daily updates and wash-up meetings to communicate findings, particularly those deemed high or critical.
Results
The project concluded with the delivery of a detailed security assessment report. This included a management summary, a clear description of the scope and resources involved, and a comprehensive analysis of findings. Each issue was rated by severity and accompanied by supporting evidence and tailored remediation advice. The client gained clear visibility into security gaps and actionable guidance to strengthen the application and its cloud infrastructure prior to deployment.