Industry: Financial Services
Company: Indonesian Financial Services Company
Location: Indonesia
Product: Invicti Enterprise
“We needed a solution to assess the security of applications, especially customer-facing web applications. For this reason, we needed a more robust way to assess security, which led us to Invicti.”
A large bank in Southeast Asia with over 7,000 employees was looking for a way to improve the security of its customer-facing web applications. As with any large financial institution, security is critical to ensuring the protection of thousands of daily customer transactions and vast amounts of sensitive data.
Challenge: Increased Threat of Attacks on Bank’s Confidential Customer Data
A bank was launching a new planning and initiative project that included a requirement to procure and implement solutions to improve web security. The project was driven by two major challenges: the growing number of web applications needed to meet the expectations of the bank’s customers, and the transition from a traditional on-premises configuration to the cloud.
The bank’s web security team already had a web application security scanner but was looking for a more robust solution that would allow for detailed security audits of their numerous web applications, especially those that were customer-facing.
Solution: Deeper Web Application Security Insights with Invicti
After testing Invicti and comparing its capabilities with its previous web application security scanner, the bank chose Invicti, which allowed the team to gain a deeper understanding of web application security.
Benefits
- Better visibility into potential vulnerabilities that could be exploited by attackers
- Ability to run multiple scans simultaneously
- Deeper scanning capabilities than other scanners
- Support for more aggressive penetration testing
- Detailed analysis reports complete with remediation instructions
- Vendor openness to new feature suggestions
Invicti’s customized scans uncovered vulnerabilities that other scanners could not
Invicti’s testing mechanisms allowed for deeper and more detailed scanning than other scanners tested by the bank, including additional parameters for further customization. Combined with authentication support, this gave the security team a better overall view of all vulnerabilities that could be exploited by attackers. The available scanning capabilities also allowed security professionals to conduct more aggressive manual penetration testing if necessary (via Invicti Desktop).
Invicti also offered the ability to run multiple simultaneous scans and schedule regular scans for groups of websites. This continuous testing ensured that they received regular and up-to-date reports with detailed instructions on how to implement fixes for each vulnerability found.
The bank team was particularly impressed with the level of support provided by Invicti’s team, which helped security staff get up and running quickly and efficiently.
Using Invicti increases both accuracy and efficiency
While the initial goal was to gain a deeper understanding of the security of their web applications, the bank’s security team reported that implementing Invicti also made their process more efficient.
“We have become more efficient in our scanning process and have achieved more accurate results thanks to the use of Invicti. The performance improvement was a direct result of using Invicti’s customized scan parameters to obtain more accurate results, avoiding unnecessary scan parameters. Management also noted that patches are now being implemented faster because developers are receiving an up-to-date list of identified vulnerabilities along with detailed instructions on how to fix them.”
