ProfitKeeper Automates Web Application Security with Invicti
We were impressed by the amount of positive feedback from your existing customers and also the calibre of the companies who were already using Invicti.
Who can tell it better than the customer himself? This is not the ordinary case study. This is an interview with Tom Mallory, ProfitKeeper’s IT Ninja. In this interview, Mr Mallory explains why he chose Invicti Web Application Security Scanner and how it helped him improve the security posture of the web applications that he manages.
What Can You Tell Us About ProfitKeeper and Your Role?
When you wear as many hats as I do, I think the only option is to refer to yourself as an IT Ninja. Right?
ProfitKeeper has been in business for over 13 years, teaming with franchisors to help them increase their profits. Although we provide services to very large, established franchises, we pride ourselves in individualized attention to all our partners no matter the size.
From a technical standpoint, we’re in the Finance/Analytics industry because that is the type of data we’re working with. But we’re also in the customer service business in the sense that we have clients/customers who trust and rely upon not only the data we provide them but also our ability to keep that data safe.
Can you tell us a bit about your web environment and applications?
Our web applications are built with .NET. They run on Microsoft’s IIS web server and use the Microsoft SQL server as a database backend. We currently manage three web applications that are responsible for generating data surrounding KPIs, royalty reporting, business accounting and payroll.
What Made You Decide to Try Invicti Web Application Security Scanner?
We have been using Invicti for about one-year now. It’s essentially the first time that we’ve relied upon a third-party automated web application security scanner to perform a thorough penetration test.
A major point of attraction, at least initially, was the number of positive reviews. We were impressed by the amount of positive feedback from your existing customers and also the calibre of the companies who were already using Invicti.
Once we dove into using Invicti (which right now is about once per week) we were impressed by the ease of setup and ongoing use. I wish I could comment on support but we haven’t really had any issues to speak of.
Believe it or not, in the years prior to using Invicti we were performing all of our testing manually. You don’t really realize how much time and effort an automated web application security scanner can save you until you try it. Moving back to a manual process seems unfathomable at this point in time.
A large part of our decision to begin using Invicti came from our long-term acknowledgement that we need to do everything in our power to ensure that our clients’ data is safe and secure.
With both personally identifiable information and financials being at risk, we already understood the importance of continually minimizing the ways in which a malicious hacker could access critical information.
How Has Invicti Helped to Reduce Security Vulnerabilities?
As you know, performing manual penetration testing is an arduous process. Invicti not only makes us faster but also better. Invicti, and the automation it provides, has allowed us to make our processes as efficient as possible while building more secure web applications.
One feature which also helped us significantly reduce the probability of human error is the Proof-Based ScanningTM technology, which automatically verifies the identified vulnerabilities. That’s a lifesaver for me, because I do not need to know how to reproduce every vulnerability that’s out there.
As regards the findings in our web applications, although we found our code to be void of vulnerabilities, Invicti helped to confirm this in addition to allowing us to find areas of code that had the potential to cause security issues such as SQL injection vulnerabilities.
An often overlooked benefit of Invicti: It makes you more aware of areas that present the potential for security vulnerabilities.
Would you like to add anything else?
Invicti was extremely easy to setup and use but provided world class information on potential web application vulnerabilities that if exposed, could cost us our company.