Case Study

Security Improvements for a Complex Health Care Application

About the Client

GraphixAsset is a UK-based software company building iPhone and Android apps, designing and building web applications, computer graphics, point-of-sale and motion graphics.


GraphixAsset developed the eMAR (electronic Medical Administration Record) system specifically for a national charity, providing services for people with learning disabilities throughout England. The application maintains MARs (Medical Administration Records) electronically. A web interface provides admin functions whilst end users access the system from their Android smart phone or tablet. GraphixAsset approached T&VS to perform the security testing.

The T&VS Technical Solution

T&VS asureSECURE team tested the eMAR application’s defence against an unauthorized attack and identified vulnerabilities that could potentially pose a security threat. T&VS provided recommendations and guidelines for such threats, which help in protecting the confidentiality and integrity of personal data.
The eMAR web application penetration test was carried out with reference to the OWASP ASVS (Application Security Verification Standard). The T&VS security experts created a customized security testing checklist for eMAR web application. After running 600+ security test cases, the T&VS asureSECURE team came up with a list of serious security issues and assisted eMAR developers with fixes.
The eMAR android app penetration testing was performed with the reference to the OWASP Mobile security standard. T&VS again created a customized checklist and performed in-depth android app security assessment from following three attack vector possibilities.

  • Client side security assessment
  • Server side security assessment
  • Communication level security assessment

Client Benefits

  • T&VS introduced an efficient methodology for security testing.
  • The T&VS security assessment will improve business continuity.
  • The fixes made will minimize Black Hat (malicious) attacks.
  • The security assessment will help to protect clients, partners and third parties data.

Find out more

For more information on our asureSECURE service, including Security Coaching and Penetration Testing or to discuss you security requirements in more detail, please Contact Us.

Get in Touch

Find Out More

Contact one of our consultants today to discuss your requirements.
No hard sales, just pertinent questions to understand your needs and to discuss how we may be able to help.

Alternatively contact one of our Local Sales Offices.

Get in Touch