CZ strengthens DORA compliance with Invicti Enterprise for healthcare-grade AppSec
“As a leading medical insurer, CZ must protect personal data and comply with regulations like DORA. Invicti helps our teams run daily security tests that make risks visible and manageable, enabling us to stay secure and compliant.”
—Sonja van den Heijkant, Tester CRM IBZ / Community of Practice Lead
Building secure applications in a regulated healthcare environment
CZ is one of the largest health insurance companies in the Netherlands, serving millions of customers with critical healthcare services and coverage. With a significant portion of its software developed in-house, CZ operates a large and diverse IT environment. Over 30 teams contribute to a hybrid software landscape of more than 100 applications that span on-premises infrastructure and cloud platforms such as Azure, and are built on technologies including Outsystems, .NET, Java, and Dynamics.
For any insurance provider involved with healthcare, protecting sensitive personal data isn’t just good practice—it’s a legal and ethical imperative. CZ must comply with multiple regulations, including the EU’s Digital Operational Resilience Act (DORA), which mandates security testing as part of resilient IT operations. This makes robust application security a strategic requirement.
Scaling automated security across dozens of development teams
Before adopting Invicti, CZ had no centralized solution for dynamic application security testing (DAST). Each team had at least one test engineer responsible for manual and automated functional testing but lacked dedicated tools to automate and scale security testing.
To meet DORA requirements and ensure consistent application security across all teams, CZ adopted Invicti Enterprise. With its ease of use and flexible configuration, Invicti enabled daily automated security tests across a wide range of environments, ensuring that applications are regularly checked for critical OWASP Top 10 vulnerabilities as part of the Microsoft Secure Development Lifecycle (SDL).
“For teams like ours, there is a real need for software to run automated security tests and cover the most important OWASP vulnerabilities.”
Fast, reliable security testing that supports compliance
The Invicti solution immediately empowered CZ’s test engineers to shift from ad hoc manual testing to consistent, automated DAST coverage. Invicti’s support services and onboarding resources, including informative webinars, helped CZ implement testing processes that integrated smoothly into each team’s workflows.
With Invicti, teams can run daily scans to identify and mitigate risks before they reach production. This shift enables CZ to demonstrate security diligence, support DORA compliance, and maintain the high standards expected of a healthcare provider handling sensitive customer data.
“We went from no DAST to easy-to-configure and run DAST—that means daily security tests are now a reality.”
Supporting a culture of security and continuous improvement
Invicti Enterprise has become a foundational part of CZ’s application security program, giving test engineers the tools to independently verify the security posture of their applications. The platform’s accuracy and reliability reduce triage overhead, cut false-positive noise, and focus attention on real, exploitable risks.
“The Invicti DAST solution helps our teams and testers run daily security tests that make visible what risks have to be mitigated.”
With Invicti, CZ isn’t just checking a box for compliance—it’s building a culture of security that meets the demands of healthcare, regulation, and customer trust.