"Netsparker has meant deployment of new and updated code can be put into production more easily and with greater confidence as to its robustness" Dr Paul Bevan Head of Core Software Services at Wellcome Trust Sanger Institute
The Wellcome Trust Sanger Institute is a charitably funded genomic research centre and a leader in the Human Genome Project. They have been using Netsparker web application security scanner to scan web applications and identify vulnerabilities in them for over three years.
The Sanger Institute's research is focused on understanding the role of genetics in health and disease, and the institute aims to provide results that can be translated into diagnostics, treatments and therapies that reduce global health burdens.
Web applications enabled the Wellcome Trust Sanger Institute to deliver the results of its research to researchers and pharmaceutical companies more easily and efficiently. Web applications are, however, exposed to malicious attacks if they contain vulnerabilities, so the institute needed to ensure the security of its web applications and the integrity of its data.
Prior to using the Netsparker web application security scanner, the Sanger Institute did not use any other web security products. They would manually test their web applications for the most common vulnerabilities and flaws, focusing mainly on the two most common ones: cross-site scripting and SQL injection. There are many other web application vulnerabilities one should check for, but manual security testing took a considerable amount of time, money and resources, so its coverage was limited.
The Wellcome Trust Sanger Institute therefore required a new, ideally automated, solution that could replace its manual web security testing procedures: one that could automatically find vulnerabilities and security flaws in its web applications without consuming too much time, money and resources.
The decision by the Wellcome Trust Sanger Institute to use Netsparker was based on its requirement for a product that could manage a broad spectrum of web security scans and tests. They also required a web vulnerability scanner that was easy to use and could identify the majority of web vulnerabilities so that they could be patched ahead of time, thus mitigating the risk of being hacked.
The Wellcome Trust Sanger Institute uses Netsparker's web application security scanner to scan updates to multiple websites and web applications before releasing them into live environments. The 20+ websites that the Sanger Institute owns are built using a variety of languages and frameworks such as Java, Perl, Ruby and PHP, and run on Apache and Tomcat web servers.
“We have been scanning our web application updates prior to implementing them in our live environment for quite a while and would recommend everyone to do so,” said Dr Bevan. “You’d be quite surprised how many vulnerabilities can be found during such stages of development.” Netsparker found several XSS and SQL injection vulnerabilities during these regular scans. Had such vulnerabilities made it into the live deployment, they could easily have been found and exploited during an attack.
When asked by Netsparker what kind of damage they would endure if they had been hacked, the Head of Core Software Services at the Wellcome Trust Sanger Institute said: "It would be mainly reputational damage since most of the software and data produced by the Sanger Institute is made freely available to researchers and pharmaceutical companies. Other forms of damage would be tampered data and the time and manpower spent understanding how we had been hacked, and reinstalling software on clean, rebuilt hosts."
The Wellcome Trust Sanger Institute is a charitably funded genomic research centre located in Hinxton, nine miles south of Cambridge in the UK.
A leader in the Human Genome Project, we are now focused on understanding the role of genetics in health and disease. Our passion for discovery drives our quest to uncover the basis of genetic and infectious disease. We aim to provide results that can be translated into diagnostics, treatments or therapies that reduce global health burdens.
Netsparker Ltd is a young and enthusiastic UK-based company focused on developing automated web security products, mainly the false-positive-free web application security scanners Netsparker Desktop and Netsparker Cloud. Netsparker's management and engineers have more than two decades of experience in the web application security industry, which is reflected in their products. Founded in 2009, Netsparker produces automated web vulnerability scanners that are leading security tools used by world-renowned organisations such as Samsung, NASA, Microsoft, ING Bank, Skype and Ernst & Young.