Non Profit Organization Uses Invicti to Identify Vulnerabilities in Always Changing Custom Web Applications
As a non-profit, we struggle to find and retain web application security specialists within our budget. Invicti has allowed us to easily start the process of finding and patching web application vulnerabilities, as well as training our internal resources to spot and avoid these vulnerabilities. – Director of IT Operations and Security, New Tribes Mission, USA
New Tribes Mission (NTM) is an international non-profit organization (NPO) that helps local churches train, coordinate and send missionaries to unreached groups of people. To achieve this, New Tribes Mission depends on a strong international workforce of translators, church planters, teachers, educators, nurses and several other professionals.
Non-Profit Organizations also Need to Protect their Web Applications
New Tribes Mission runs a number of web applications, such as portals, to ensure that the thousands of employees and volunteers that work for the NPO can communicate with each other and work more efficiently. It also has an official website which is accessed by thousands of followers every month.
The IT team at New Tribes Mission has always treated web application security as one of its top priorities, mainly because many non-technical colleagues frequently travel and access the organization's custom-built web applications from different locations around the world, sometimes even over insecure connections. Therefore, if their custom-built web applications are vulnerable, they could easily be attacked.
New Tribes Mission needed to protect its web applications from malicious attacks by identifying web vulnerabilities, programming errors, and other security flaws in them. The non-profit organization chose to use Invicti Web Application Security Scanner, a web application security market leader, to continuously scan and protect its websites and web applications from the always increasing threat of malicious attacks.
Meeting the Challenges of Securing Web Applications
Although finding a web application security scanner sounds like a straightforward process for many, there were still a number of challenges:
- NTM was running custom web applications that were frequently updated with new functionality to meet changing business needs.
- The web applications were built using different development frameworks, such as PHP and .NET, and were running on different web servers, such as Apache and Microsoft IIS.
- Working with the limited budget of a non-profit organization that cannot afford security specialists.
We needed a way to gain insight into the quality of security for a number of web applications that we run. Even though web application security scanners are not the silver bullet solution for our web security needs, they are a key layer of our Defense in Depth strategy.
After analyzing the challenges, the requirement was very straightforward: an automated web application security scanner that can:
- Properly crawl and scan a variety of custom web applications built using different technologies, and
- Verify identified vulnerabilities, since the organization could not afford to retain web application security specialists.
The Solution: An Easy-to-Use and False Positive Free Web Application Security Scanner
After testing several different solutions, the team chose Invicti because it is an affordable solution and because, as they said:
It has the ability to easily identify a lot of the low hanging vulnerabilities, confirm them, and generate a useful report to send to the pertinent personnel to deal with.
As a non-profit, we struggle to find and retain web application security specialists within our budget. Invicti has allowed us to easily start the process of finding and patching web application vulnerabilities, as well as training our internal resources to spot and avoid these vulnerabilities—which means reducing our overall risk, and all within the boundaries of our non-profit budget.
Invicti Two-Fold Benefits
Detecting Exploitable Vulnerabilities
Today, New Tribes Mission uses Invicti to scan more than 10 web applications at least once a week to ensure that there are no security holes that could be exploited by hackers.
According to the IT operations and security team, the return on investment on Invicti is already very high because:
Invicti found a SQL injection vulnerability in one of our business critical web applications that, if exploited, would have resulted in total compromise of the application and its sensitive data.
The web development team is also benefiting from Invicti because the security scanner clearly explains where the vulnerabilities are and provides practical remediation solutions. Therefore, thanks to Invicti, developers learn how to write secure code while they fix existing security issues.
Like any other software, Invicti can have bugs, and, unfortunately, the New Tribes Mission team did encounter a bug while using Invicti.
But this was not a problem for New Tribes Mission, as the team explained:
Support has been great. We ran into a bug that was keeping us from using the product in a particular way, and within 24 hours, a new version was rolled out, enabling us to continue using the product.
About New Tribes Mission
New Tribes Mission is steadfast in its goal of reaching people who have no access to the Gospel. That was the vision for our ministry when we were founded in 1942, and it is our vision today.