
A mid-sized insurance company preparing for a regulatory audit engaged Codesecure for a comprehensive source code review of their policy management and claims processing applications. We performed SAST analysis and manual code review across Java and Python codebases to identify hardcoded secrets, injection vulnerabilities, insecure cryptography, and business logic flaws.

Case Study / Source Code Review for an Insurance Company

Client Overview

A mid-sized insurance company had developed in-house applications for policy management, claims processing, and customer self-service portals. These applications handled sensitive personal and financial data including Aadhaar numbers, PAN details, policy documents, and claim settlement records. With an upcoming IRDAI regulatory audit, they needed assurance that their application code was free of critical security vulnerabilities.



Challenge

The development team had followed functional requirements closely but security had not been a primary focus during the development lifecycle. No structured code review or SAST process existed. The applications spanned over 200,000 lines of code across Java (Spring Boot) and Python (Django) with multiple third-party library dependencies. The client needed a thorough assessment without disrupting ongoing development.




Our Approach

Codesecure conducted a comprehensive source code review engagement covering the following areas:

• Static Application Security Testing (SAST) using industry-standard tools across the entire codebase
• Manual code review focusing on authentication, authorisation, session management, and input validation logic
• Dependency scanning for known vulnerabilities in third-party libraries (Maven and pip packages)
• Secrets detection — scanning for hardcoded API keys, database credentials, encryption keys, and tokens
• Business logic review of claims processing workflows for approval bypass and privilege escalation risks
• Cryptographic implementation review — encryption algorithms, key management, and hashing practices
• Detailed findings report with code-level remediation guidance and severity classification




Results

We identified 29 vulnerabilities — 4 critical, 10 high, and 15 medium severity.

Critical findings included:

• Hardcoded database credentials in a configuration file committed to the repository
• SQL injection in the claims search functionality
• Broken access control allowing agents to view policies outside their assigned region
• Use of MD5 for password hashing without salting
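
The following added example (not the client's code and not part of this case study) illustrates what the remediation of three of these findings looks like in Python, using an assumed, constructed policies table: a claims search that is parameterised and scoped server-side to the agent's region, and salted password hashing in place of bare MD5.

```python
import hashlib
import os
import sqlite3
from typing import List, Optional, Tuple

# Constructed sample data (hypothetical schema, not the client's): one row per policy.
SAMPLE_POLICIES = [
    ("POL-1001", "NORTH", "Ravi Kumar", "APPROVED"),
    ("POL-1002", "NORTH", "Anita Shah", "PENDING"),
    ("POL-2001", "SOUTH", "Ravi Menon", "APPROVED"),
]


def open_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE policies (policy_no TEXT, region TEXT, holder TEXT, status TEXT)")
    conn.executemany("INSERT INTO policies VALUES (?, ?, ?, ?)", SAMPLE_POLICIES)
    return conn


def search_claims(conn: sqlite3.Connection, agent_region: str, holder_query: str) -> List[dict]:
    """Hardened search: placeholders keep user input as data (no SQL injection),
    and the region filter comes from the authenticated agent's session, never
    from a request parameter, so results cannot be widened to other regions.
    Note: '%' and '_' in holder_query still act as LIKE wildcards; escape them
    if exact matching matters."""
    rows = conn.execute(
        "SELECT policy_no, holder, status FROM policies WHERE region = ? AND holder LIKE ?",
        (agent_region, f"%{holder_query}%"),
    ).fetchall()
    return [{"policy_no": p, "holder": h, "status": s} for p, h, s in rows]


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Per-user random salt plus a memory-hard KDF (scrypt) instead of unsalted MD5.
    Returns (salt, digest); both are stored, the password never is."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare digests."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1) == digest
```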

The development team remediated all critical and high-severity findings, and our revalidation confirmed that the fixes were effective.




Conclusion

Source code review is essential for organisations handling regulated data. By identifying vulnerabilities at the code level before deployment, the client addressed security gaps proactively and entered their regulatory audit with confidence. Contact Codesecure for a thorough source code security review.
