LeoVegas integrates Invicti into CI/CD for faster scanning and more efficient development

With Invicti, we have the ability to automate and integrate it with CI/CD and also the option to optimize a scan, resulting in a more efficient process taking less time to complete.

– Geoffrey Spiteri, Senior Group Security Engineer, LeoVegas Mobile Gaming Group

LeoVegas Gaming Group offers casino, live casino, and sports betting under several global and UK brands. LeoVegas is a leading online casino operator with a focus on mobile gaming technologies.

The challenge of combining security with rapid development

Operating in the regulated online and mobile casino industry requires close attention to cybersecurity. LeoVegas relies on its websites and applications to provide gaming services while securely processing user data and financial transactions, so a vulnerability in any of these could mean financial losses, reputational damage, or even legal consequences. Ensuring web application security is a critical requirement for the company.

Vulnerability management is paramount to protecting our systems and business interests.

At the same time, LeoVegas operates in a fast-paced and competitive industry where frequent application changes and updates are vital for success. Prior to adopting Invicti, vulnerability scans could take hours to complete and were not fully integrated with the development process, making it harder for security to keep pace with application development. With high-value data and regulatory compliance at stake, compromising on security is not an option, so a new approach to web application security testing was needed.

Integrating Invicti into the software development pipeline

After trying many tools on the market, LeoVegas chose Invicti for its accuracy, performance, and deployment flexibility. Invicti offered a strong combination of vital features, notably out-of-the-box integration with tools already used in the software development pipeline and fully trustworthy vulnerability testing results with Proof-Based Scanning™. LeoVegas built Invicti into its CI/CD pipeline, integrating vulnerability testing and management into its existing development automation and issue tracking systems to streamline security testing and remediation.

With Proof-Based Scanning technology, we are now spending more time on fixing real issues rather than verifying whether a vulnerability is a false positive or not.

Customizing Invicti deployment and scanning

The ability to optimize scans and customize the deployment model was also important to meet the company’s workflow and performance requirements. LeoVegas used manually deployed scan agents to ensure efficient and scalable security testing across multiple locations around the world. With vulnerability testing during development being focused on checking incremental changes, the company’s security experts took advantage of Invicti’s customizability to optimize these recurring scans for maximum coverage and shorter scan times.

Invicti is highly customizable and offers the possibility to scan from different locations by manually deploying scan agents.

Reaping the benefits of accurate, automated, and optimized security testing

By feeding Invicti’s confirmed scan results into its CI/CD pipeline, LeoVegas was able to streamline security testing. With optimised deployments and scan settings, scanning takes less time, while automatically confirmed vulnerability results go directly to the developers for maximum work efficiency. On top of that, Invicti’s rich set of built-in reports provides stakeholders with full visibility into vulnerability management and the current security compliance status.

Thanks to Invicti, application security testing at LeoVegas can now keep up with the pace of development, allowing the company to quickly and securely build new functionality to stay on top of its game.

Turn your security process into a success story