Sumeru Solutions – Invicti Case Study

We like Invicti not only because it can be configured quickly, but also because the scans themselves are completed quickly, reliably and without false positives (a large timesaver in and of itself).

Scanning web applications at scale is arguably one of the more demanding challenges for any web security professional. In this interview, Sumeru’s Lead Penetration Tester explains why he selected Invicti over other solutions to manage, automate and accelerate the security scanning of their clients’ websites.

Can you tell us a little about Sumeru Solutions and your role within the company?

Sure, I’m an Information Security Analyst with Sumeru. We’ve been in the Information Technology Services business for a little over a decade. We actually started out quite small – just 3-4 individuals making great software.

We now have clients worldwide – 22 countries to be exact – who rely on us for their web application services, information security and business process management needs.

Our clients include entrepreneurs, banks, hotels, airlines, political parties and more. We’re very passionate about what we do and have a strong sense of purpose.

We presently have three offices: one in the US, one in the UK and one in India. We also have a joint venture office in Africa.

As far as certifications go, we are a Microsoft Gold Certified Partner, CERT-In empanelled, as well as an ISO 27001 Certified Company.

Can you share some information about your decision to use Invicti?

We started using Invicti in 2013 with the intention of automating and speeding up our web scanning process to find vulnerabilities. We have since made automated vulnerability scanning a part of our regular pen testing process.

Prior to using Invicti, we were performing manual testing for critical flaws and implementing web firewalls. However, because we manage a tremendous amount of critical customer data and sensitive information, finding a way to make our scanning process as consistent and reliable as possible was a top priority.

We did take some time to test other web application security scanners and found that set-up time and reliability were not really comparable to Invicti.

What can you tell us about your current use of Invicti?

Obviously, after 10 years in business, we have developed some very consistent practices and procedures.

We currently use Invicti five days per week and scan four different web applications on a revolving basis. These consist of both civilian and government applications built on a variety of web frameworks and running on different types of servers. Invicti handles this variety with ease.

Did Invicti discover any vulnerabilities that you’re comfortable disclosing?

Yes! In several critical applications, Invicti was able to identify both SQL injection and code execution vulnerabilities, two vulnerability types it’s very good at discovering.

Have you had an opportunity or need to call our customer service or sales teams? How was that experience?

Yes, we have, and we’ve always found the customer service to be entirely satisfactory – exactly what we would expect from such a mission-critical part of our business.

If you had to summarize Invicti in just a single sentence, what would you say?

Invicti is our tool of choice for scanning large web applications and it’s great at finding SQL Injection vulnerabilities.
