Sumeru solutions – Invicti case study

Industry: IT & Telecom

Company: Sumeru Solutions

Location: Bangalore, Karnataka, India

Company size: 201-500 employees

“We like Invicti not only because it’s quick to set up, but also because the scanning itself is fast, reliable, and without excessive false positives (which in itself saves a lot of time).”

Scanning web applications at scale is probably one of the most challenging tasks for any web security specialist. This interview with Sumeru’s lead pentester explains why he chose Invicti over other tools to manage, automate, and accelerate the security scanning of his clients’ web application.

Can you tell us a little about Sumeru Solutions and your role at the company?

“Of course, I’m an Information Security Analyst at Sumeru. We’ve been in the IT services industry for more than 10 years. We actually started out pretty small – just 3-4 people building great software.

We now have clients all over the world—in 22 countries to be exact—who rely on us for their websites, information security and business process management.

Our clients include entrepreneurs, banks, hotels, airlines, political parties and many more. We are deeply passionate about our work and driven by a strong sense of purpose.

We currently have three offices: one in the US, one in the UK and one in India. We also have a joint venture in Africa.

When it comes to certifications, we are a Microsoft Gold Certified Partner, CERT-In and an ISO 27001 certified company.”

Can you share some background on your decision to use Invicti?

“We started using Invicti in 2013 to automate and speed up our web scanning. Since then, automated vulnerability testing has become an integral part of our regular pentesting process.

Before using Invicti, we were manually testing for critical vulnerabilities and applying web firewalls. But since we handle large volumes of critical customer data and sensitive information, ensuring that our scanning process is both consistent and highly reliable became a top priority.

We invested time in evaluating other web application security scanners but found that none matched Invicti in terms of ease of setup and overall reliability.”

What can you tell us about your current use of Invicti?

“It’s clear that after 10 years of operation, we have developed very consistent practices and procedures.

We now use Invicti five days a week to regularly scan four websites. These include both civilian and government systems built on various web frameworks and hosted across different server environments—all of which Invicti manages effortlessly.”

Did Invicti find any vulnerabilities that you can share?

“Yes! In several mission-critical applications, Invicti successfully identified both SQL injection and code execution vulnerabilities—two categories of security flaws it excels at detecting.”

Have you had the opportunity or need to call customer support or sales? How was your experience?

“Yes, we have—and the customer service has consistently met our expectations, delivering the level of responsiveness and reliability we require for such a vital aspect of our business.”