“As opposed to other web application scanners we used, Netsparker is very easy to use and does not require a lot of configuring. An out of the box installation of Netsparker Web Application Security Scanner can detect more vulnerabilities than any other web application security scanner we have used so far,” Perry Mertens, Audit Supervisor within the ING Insurance EURAsia IT Audit team.
An international financial institution such as ING Insurance that has offices all over the world, remote employees, and a sophisticated infrastructure, depends heavily on web applications. Web applications such as internal portals, external portals, life insurance and investment management websites, as well as, online banking web applications are used to share data among all of the corporation’s offices and employees.
Web applications are also used by ING customers and other businesses to access their bank accounts and finances.
The above implies that a great focus has to be put on security to protect all this information that is extremely valuable for the institution and its clients.
The IT Security Audit team at ING performs audits to ascertain whether numerous websites and web applications are solid and secure. Most of these web applications are custom built, using a wide variety of commonly used web frameworks as underlying infrastructure.
The need was evident for a solution that could meet the financial institution requirements and that could be implemented seamlessly.
When a company has the need to audit many web applications on a continuous basis, they need to make sure that the right tools are used to detect all web application vulnerabilities possible, to keep malicious hackers out and make sure their customers’ money is secure at all times.
The ING EurASIA Audit team chose Netsparker over several other web application security scanners because:
“When we were evaluating web application security scanners, Netsparker was the scanner that identified most vulnerabilities without requiring any configuration changes. It also identified several SQL injection and cross-site scripting vulnerabilities that other scanners did not identify,” said Perry Mertens, Supervisor Auditor at the ING EurAsia IT Audit team.
ING is a global financial institution of Dutch origin, currently offering banking, investments, life insurance and retirement services to meet the needs of a broad customer base.
Netsparker Web Application Security Scanner is an industry leading automated web vulnerability scanner developed by Netsparker Ltd. Netsparker management and engineers have more than a decade of experience in the web application security industry that is reflected in their product. Netsparker is a very easy to use web application security scanner that automates most of the web application security scanning. An out of the box installation of Netsparker is able to scan a wide variety of web applications, therefore web security experts, penetration testers and QA engineers do not need to spend countless amount of hours tweaking and configuring the software. Netsparker is revolutionising web application security by being the only web application security scanner to automatically verify detected web vulnerabilities, thus reporting no false positives. Netsparker is used by world renowned companies such as Samsung, NASA, Skype, ING and Ernst & Young.