Industry: Banking—Financial Services
Company: ING Bank
Location: Amsterdam, Netherlands
Company Size: 10,000+ Employees
Product: Invicti Enterprise
“Unlike other web application scanners we’ve used, Invicti is exceptionally user-friendly and requires minimal configuration. Even in its default setup, Invict identifies more vulnerabilities than any other tool we’ve previously tested.”
Perry Mertens
Audit Lead, ING Insurance EURAsia IT Audit Team
As an international financial institution, ING Insurance operates across multiple countries with a distributed workforce and a complex IT infrastructure—all of which depend heavily on web applications. These include internal and external portals, life insurance and investment management websites, and online banking platforms that facilitate data exchange among the corporation’s offices and employees worldwide.
Additionally, ING’s clients and partner companies use these web applications to access their financial accounts and services.
Given this extensive reliance on web-based systems and the sensitivity of the data involved, ensuring robust security measures is paramount to safeguarding the organization’s and its clients’ valuable information.
Need for automated and easy-to-use solution for web application security
ING’s IT security audit team performs regular assessments to verify the reliability and security of the organization’s many websites and web applications. Most of them are custom-developed, built on a diverse set of widely used web frameworks.
It quickly became clear that the institution required a solution capable of meeting its stringent security standards while integrating smoothly into its existing environment.
Why did the ING IT audit team choose the Invicti Web Application Security Scanner?
When a company must continuously audit a large number of web applications, it is essential to use tools capable of identifying every potential vulnerability—protecting against intrusions and ensuring clients’ funds remain secure at all times.
The ING EurASIA audit team selected Invicti over several competing web application security scanners because:
- It is a very easy-to-use web application security scanner.
- Pentesters do not need to spend hours configuring it, as it supports a wide range of web application technologies out of the box.
- It can generate meaningful reports.
- The product is affordable.
Invicti finds more vulnerabilities and does not report excessive false positives
“During our evaluation of web application security scanners, Invicti stood out as the tool that detected vulnerabilities right out of the box, without the need for any configuration adjustments. It also successfully identified several SQL injection and cross-site scripting (XSS) vulnerabilities that other scanners completely overlooked.”
About ING
ING is a global financial institution of Dutch origin that offers banking, investment, insurance, and pension services to meet the needs of a broad client base.
