Application Redevelopment – An Alternative

Application Redevelopment – An Alternative


A large, national health insurance provider conducted a routine penetration test on a critical web application uncovering a critical flaw. Further investigation revealed the following:

  • Blocking exploit traffic with a WAF was not technically possible
  •  Code remediation was not commercially feasible
  • Fixing the flaw would require a 6-month, multi-million-dollar redevelopment project.

What’s more, the insurance provider was confronted with either risk-accepting the flaw or taking the application offline. Luckily, the security testing company mentioned that RedShield might be able to help.



The Insurer contacted RedShield. In conjunction with the security testing company the flaw and exploit methods were shared with the RedShield team. RedShield then proposed a custom application stateful logic shield to address the specific flaw. The security tester agreed.Business process integration was reengineered and application test and dev traffic was redirected to a RedShield cloud node. RedShield applied, tested and deployed the stateful logic shield in 1 week for under $45,000.

Once successful tested, the shield was progressively rolled out across pre-production and production environments.

40k for RedShield to remediate application vulnerabilities that were beyond the capability of our WAF and required millions for the application developers to redevelop the app – the choice to go with RedShield was a no brainer.”



The life of this key web application, that was still functionally fit for purpose, was extended at a significant cost reduction at almost zero disruption. The RedShield solution not only shield the application from vulnerability, but helped theinsurer avoid issues related app re-development including significant development and testing time and cost, re-engineering of business processes, and system retraining and migration-related outages.

RedShield experts continue to monitor the tools and systems 24/7, audit the application defenses weekly, respond to any customer queries and application updates, and provide monthly commented analyst reports.

February 24, 2020