ISO 27001 Certified PCI DSS QSA Detects Vulnerabilities and Security Flaws with Netsparker
Netsparker Web Application Security Scanner enables NII Consulting, an ISO 27001 certified PCI DSS QSA, to automatically identify vulnerabilities and security flaws in its customers' custom-built websites and web applications.
"About 4 years ago, my team brought Netsparker to my attention and we took it for a spin during a real live penetration test. It did outperform the other established tools we were using in terms of ease of use and also web application vulnerabilities detection rate. It was a breath of fresh air. We found it to be a light, fast and reliable tool with hassle free licensing." K. K. Mookhey, Network Intelligence's Founder & Director
Network Intelligence is an ISO 27001 certified PCI DSS QSA, and a well-established provider of information security services and products. Established in 2001, Network Intelligence has a strong reputation for providing top-notch information security consultancy, 24/7 security monitoring, and product implementation services to industry leaders both in the Asia-Pacific region and in other parts of the globe. Their client list includes companies across several different verticals such as banking and financial services, software services, pharmaceutical, telecom, manufacturing, e-commerce, and government departments.
The Responsibilities of Web Application Security Services
Network Intelligence's primary source of income and forte are web application security services.
They perform penetration tests and identify vulnerabilities and security flaws in their customers' websites and web applications. Such a job carries a huge responsibility: they cannot afford to miss a single vulnerability, because if a customer's website is hacked, the repercussions can have a catastrophic effect on their business.
Keeping Up with the Demand Whilst Delivering Top Quality Services
Even though Network Intelligence always did a meticulous job and left no stone unturned when doing a penetration test, they had to automate some of their processes, especially if they wanted to offer a competitive price and keep up with the demand. Therefore, in their early stages, and for a good number of years, they used automated web security tools, although they encountered several problems that they continuously tried to address.
Most of the security tools they tried were cryptic and difficult to use. Some had a better vulnerability detection rate than the others, but none of them really did the job properly, not to mention that most of them reported false positives. Hence, their concern was that they were spending more time working on the configuration of the tools and verifying their results rather than doing the job and providing the customer with an affordable web application security service and an accurate report.
Solving the Web Application Security Problem
Network Intelligence's requirement for web application security scanning and services was very simple: to identify all web application vulnerabilities and security flaws.
"Throughout the years we used a number of automated security tools, but we were never really satisfied with their overall performance, hence as soon as we knew about a new automated web application security scanner we wanted to test it to see if it could perform better than the tools we were already using," said K. K. Mookhey, Network Intelligence's Founder & Director.
"About four years ago, my team brought Netsparker to my attention and we took it for a spin during a real live penetration test. It did outperform the other established tools we were using in terms of ease of use and also web application vulnerabilities detection rate. It was a breath of fresh air. We found it to be a light, fast and reliable tool with hassle free licensing," he added.
Growing With Netsparker Web Application Security Scanner
"Network Intelligence has been using Netsparker for over four years in conjunction with another tool or two, but most of the other automated tools have been discarded because Netsparker was the perfect match," explained Mookhey.
Network Intelligence scans thousands of websites and custom-built web applications each year and can only keep up with the demand to detect all technical web application vulnerabilities and security flaws thanks to Netsparker's automation.
"The exploitation engine is a very handy tool," added Taufiq Ali, Manager (Security Assessment) at Network Intelligence.
"We use it to validate the issues there and then, and to also show the customers the impact a vulnerability can have, without the need of setting up a simulation in a lab," Ali concluded.
Supporting a Variety of Web Servers and Frameworks
The web application industry is a very dynamic one; there is a wide variety of web server software to choose from and a much wider choice when it comes to web frameworks and development languages. And the list keeps on growing every few years, if not months!
Hence, with such a wide variety of customers from different verticals, Network Intelligence encounters them all: Apache, Nginx, IIS, Tomcat, Java, PHP, .NET, JSF and many others.
This was another deciding factor for them when choosing an automated tool. Could Netsparker scan all these different web applications built with different frameworks and running on a variety of web servers? The answer is a solid YES. Proof of it is that Network Intelligence has been using Netsparker for over four years now.
Having a Web Application Security Expert to Rely On
As most professionals know, having good software means nothing without good support, especially in the web security industry. Things can get quite complicated and you do not want to end up with your back against the wall while working on a critical penetration test.
First-rate support is another reason why Network Intelligence stuck to Netsparker. As K.K. Mookhey says: "The support from Ferruh and his team has always been positive. The responses are almost prompt and always appropriate."
About NII Consulting
Network Intelligence is an ISO 27001 certified PCI DSS QSA and a well-established provider of information security services and products from India. Incorporated in July 2001, we have established a reputation for providing top-notch information security consultancy to industry leaders both in the Asia-Pacific region and in other parts of the globe. Our client list includes companies across verticals such as banking and financial services, software services, pharmaceutical, telecom, manufacturing, e-commerce, and government departments. Our consultants possess the requisite industry certifications, but more importantly they are equipped with a wide range of skills covering different technologies and environments.