ING EURASIA IT Audit Team Chooses Invicti to Detect Web Application Vulnerabilities

As opposed to other web application scanners we used, Invicti is very easy to use and does not require a lot of configuring. An out of the box installation of Invicti Web Application Security Scanner can detect more vulnerabilities than any other web application security scanner we have used so far.

– Perry Mertens, Audit Supervisor within the ING Insurance EURAsia IT Audit team

An international financial institution such as ING Insurance that has offices all over the world, remote employees, and a sophisticated infrastructure, depends heavily on web applications. Web applications such as internal portals, external portals, life insurance and investment management websites, as well as, online banking web applications are used to share data among all of the corporation’s offices and employees.

Web applications are also used by ING customers and other businesses to access their bank accounts and finances.

The above implies that a great focus has to be put on security to protect all this information that is extremely valuable for the institution and its clients.

An Automated and Easy-to-Use Web Application Security Solution Needed

The IT Security Audit team at ING performs audits to ascertain whether numerous websites and web applications are solid and secure. Most of these web applications are custom built, using a wide variety of commonly used web frameworks as underlying infrastructure.

The need was evident for a solution that could meet the financial institution requirements and that could be implemented seamlessly.

Why did ING IT Audit Team Choose Invicti Web Application Security Scanner?

When a company has the need to audit many web applications on a continuous basis, they need to make sure that the right tools are used to detect all web application vulnerabilities possible, to keep malicious hackers out and make sure their customers’ money is secure at all times.

The ING EurASIA Audit team chose Invicti over several other web application security scanners because:

  • It is a very easy-to-use web application security scanner.
  • Penetration testers do not need to spend hours configuring it because, by default, it supports a wide variety of web application technologies.
  • Implementations can generate meaningful reports.
  • It is affordable.

Invicti Identifies More Vulnerabilities and Reports No False Positives

When we were evaluating web application security scanners, Invicti was the scanner that identified most vulnerabilities without requiring any configuration changes. It also identified several SQL injection and cross-site scripting vulnerabilities that other scanners did not identify

– Perry Mertens, Supervisor Auditor at the ING EurAsia IT Audit team

About ING

ING is a global financial institution of Dutch origin, currently offering banking, investments, life insurance and retirement services to meet the needs of a broad customer base.

Turn your security process into a success story