About This Simulation

Your Role
Junior Security Analyst at Sterling Financial Group

Your Goal
Your Mission
Lead a security review, prioritizing OWASP Top 10 risks amid developer resistance.
Simulation Details
Sterling Financial Group is a top financial services company recognized for its advanced digital solutions and strong security culture. After a significant data breach five years ago, the company overhauled its cybersecurity protocols, introducing multi-factor authentication, encryption upgrades, and regular compliance audits. Sterling’s new customer portal, built with React and Node.js and hosted on AWS, is designed to securely serve 500,000 users with features like secure login, transaction history, and encrypted document uploads. The portal must meet strict regulatory and industry standards, as it will be showcased at a major financial summit and is subject to compliance deadlines. The company’s reputation relies on launching secure, compliant products without critical vulnerabilities.
You take on the role of a Junior Security Analyst, leading a security review for Sterling Financial Group’s new customer portal. Your task is to identify and prioritize the most critical OWASP Top 10 vulnerabilities, focusing on those with the highest potential financial and reputational impact. First, you’ll discuss your findings with the Security Manager, who expects a structured, evidence-based approach and will help you refine your arguments. Next, you’ll negotiate with the Lead Software Engineer, who is under pressure to meet tight deadlines and is wary of any recommendations that could delay the project. You must balance robust security measures with the need to keep the project on schedule, proposing practical solutions that align with both security and development priorities.
– Identify and clearly explain the most critical OWASP Top 10 risks relevant to the portal.
– Justify your prioritization of risks in terms of business impact.
– Secure agreement from the Security Manager on your risk assessment.
– Negotiate with the Lead Software Engineer to agree on a practical mitigation plan that upholds security standards while respecting project constraints.
– Demonstrate your ability to communicate technical issues in business terms and build consensus through conversation.
Team
Who you will work with in this Simulation
Your team is 100% generated by AI – you will not interact with real people and no human will read your conversation.
Junior Security Analyst
Security Manager
Lead Software Engineer
Organization
A leading financial services company specializing in innovative digital solutions and advanced security measures for modern customers.

Helpful for
Junior Security Analyst, Software Engineer, IT Compliance Officer