An international financial institution such as ING Insurance, which has offices all over the world, remote employees, and a sophisticated infrastructure, depends heavily on web applications. Web applications such as internal portals, external portals, life insurance and investment management websites, as well as online banking web applications, are used to share data among all of the corporation's offices and employees.
Web applications are also used by ING customers and other businesses to access their bank accounts and finances.
The above implies that a great focus has to be put on security to protect all this information that is extremely valuable for the institution and its clients.
An Automated and Easy-to-Use Web Application Security Solution Needed
The IT Security Audit team at ING performs audits to ascertain whether numerous websites and web applications are solid and secure. Most of these web applications are custom built, using a wide variety of commonly used web frameworks as underlying infrastructure.
The need was evident for a solution that could meet the financial institution's requirements and that could be implemented seamlessly.
Why did ING IT Audit Team Choose Netsparker Web Application Security Scanner?
When a company has the need to audit many web applications on a continuous basis, they need to make sure that the right tools are used to detect all web application vulnerabilities possible, to keep malicious hackers out and make sure their customers' money is secure at all times.
The ING EurASIA Audit team chose Netsparker over several other web application security scanners because:
- It is a very easy-to-use web application security scanner.
- Penetration testers do not need to spend hours configuring it because, by default, it supports a wide variety of web application technologies.
- Implementations can generate meaningful reports.
- It is affordable.
"When we were evaluating web application security scanners, Netsparker was the scanner that identified most vulnerabilities without requiring any configuration changes. It also identified several SQL injection and cross-site scripting vulnerabilities that other scanners did not identify," said Perry Mertens, Supervisor Auditor at the ING EurAsia IT Audit team.
Unify's Need for Web Application Security
Unify develops web-based products, and also provides security services and penetration tests. A company that is proud of its 160 years of experience in communications technology cannot afford to ship vulnerable web applications or to fail to identify all vulnerabilities in a customer's web application during a penetration test.
To retain its healthy customer base and ensure growth, Unify leads by example: the tools that its security professionals use to scan the web applications that are shipped with their own products are also used for all customers' penetration tests. By doing so, Unify also ensures that all customers get the best possible service: one that they trust themselves.
The Challenge to Identify All Vulnerabilities and Security Flaws
Some years ago, Unify security professionals used to perform manual penetration tests. However, as both their products and customers' web applications grew and became more complex, they needed security tools to keep up with all the new web development frameworks, as well as the growing demand.
By using the right security tools, Unify's security professionals could automate most of the processes and, at the same time, confirm that all potential attack surfaces of a web application were identified. Therefore, by combining manual testing and automated scans Unify's security team could not only save on time and costs, but would also ensure that no stone was left unturned, and that all vulnerabilities and security flaws were identified.
Sourcing the Right Web Application Security Scanner
Finding the right web application security scanner is not easy when you need to scan thousands of websites and web applications that are built with so many different web frameworks and run on a variety of web servers.
Considering the urgency of the matter, Unify's security professionals opted for a popular commercial tool, though it soon let them down because of the high number of false positives it reported. False positives are a big productivity killer, because rather than relying on the scanner's results you have to verify its findings, hence losing all the benefits of automation.
Unify's security experts decided to dig deeper into automation technology. "When we looked around in 2011 for a new web application security scanner, we tested several tools," said Harald Nandke, Principal Consultant at Unify. "Netsparker was the best in terms of price-benefit balance. It is a very stable software, faster than the previous tool we were using and it is relatively free of false positives, which is exactly what we were looking for," added Nandke.
Unify and Netsparker's Strong Partnership
Unify has been using Netsparker Web Application Security Scanner for almost four years. They scan at least thirty web applications per month and this number is expected to grow. Such a strong partnership could not be possible without outstanding product support, especially in this complex and always evolving industry.
"We used Netsparker's support from time to time and the experience was very good. We are satisfied with the response time and also with the service and solution quality," said Nandke.
Netsparker has become a valuable tool in Unify's security toolbox. It enables its security professionals to efficiently scan their own web applications, as well as their customers', to highlight the most important security threats before the manual tests complete the penetration test.