End-to-End Risk Mitigation for ERP Expansion

Industry:

Retail Technology / SaaS ERP

Region:

Global

Technology:

Java-based ERP, CRM, POS Modules, AWS (multi-region) and MySQL

About the Client

A global leader in cloud-based ERP and POS solutions, the client serves retailers across 30+ countries with integrated modules for inventory management, billing, sales analytics, and CRM. Their SaaS platform is central to operations in retail chains of varying sizes and geographies.

Challenges

As the client expanded its ERP solution across regions, security risks emerged in their web applications, APIs, and AWS infrastructure due to inconsistent deployment configurations and regional customizations:

  • Localized tax and discount engines in the web modules could be tampered with because access control validation was missing
  • High-volume inventory updates via APIs lacked input sanitization, exposing the system to injection and business-logic corruption attacks
  • Interconnected microservices (sales, returns, CRM) were open to lateral privilege escalation because inter-service requests were weakly validated
  • No offensive validation (penetration testing) was in place, so vulnerabilities in the cloud-hosted AWS services across regions went unmonitored

Solutions

Evoke executed a multi-pronged Offensive Security and Product Security engagement focused on protecting global operations across critical assets:

  • Performed Web and API Penetration Testing
  • Prioritized module security with a risk-tiering model
  • Automated detection of vulnerabilities across assets
  • Delivered a centralized Security Console Dashboard

Results

  • Enabled continuous security validation across 10+ global regions, increasing visibility and responsiveness to risks
  • Reduced the cost of post-release security incidents by 30% over two quarters
  • Identified and remediated critical pricing manipulation vulnerabilities, preventing potential revenue loss exceeding $100K
  • Increased secure release velocity by 40%, with embedded security checks in CI/CD workflows
  • Strengthened regulatory alignment with PCI DSS and GDPR across all retail operations