“As a non-profit, we struggle to find and retain web application security specialists within our budget. Netsparker has allowed us to easily start the process of finding and patching web application vulnerabilities, as well as training our internal resources to spot and avoid these vulnerabilities" - Joshua Brower, New Tribes Mission, USA.
New Tribes Mission (NTM) is an international non-profit organization (NPO) that helps local churches train, coordinate and send missionaries to unreached groups of people. To achieve this, New Tribes Mission depends on a strong international workforce of translators, church planters, teachers, educators, nurses and several other professionals.
New Tribes Mission runs a number of web applications, such as portals, to ensure that the thousands of employees and volunteers that work for the NPO can communicate with each other and work more efficiently. It also has an official website which is accessed by thousands of followers every month.
Joshua Brower, New Tribes Mission Director of IT Operations and Security at New Tribes Mission has always had web application security as one of his top priorities, because many of his non-technical colleagues frequently travel and access their custom built web applications from different locations in the world, sometimes even from insecure connections. Therefore, if their custom-built web applications are vulnerable, they could easily be attacked.
New Tribes Mission needed to protect its web applications from malicious attacks by identifying web vulnerabilities, programming errors, and other security flaws in them. The non-profit organization chose to use Netsparker Web Application Security Scanner, a web application security market leader, to continuously scan and protect its websites and web applications from the always increasing threat of malicious attacks.
Although finding a web application security scanner sounds like a straightforward process for many, Brower faced a number of challenges:
“We needed a way to gain insight into the quality of security for a number of web applications that we run. Even though web application security scanners are not the silver bullet solution for our web security needs, it is a key layer of our Defense in Depth strategy,” said Brower.
After analyzing the challenges, Brower’s requirement was very straightforward: an automated web application security scanner that can:
After testing several different solutions, Brower chose Netsparker because it is an affordable solution and because, as he says: “It has the ability to easily identify a lot of the low hanging vulnerabilities, confirm them, and generate a useful report to send to the pertinent personnel to deal with.”
“As a non-profit, we struggle to find and retain web application security specialists within our budget. Netsparker has allowed us to easily start the process of finding and patching web application vulnerabilities, as well as, training our internal resources to spot and avoid these vulnerabilities—which means reducing our overall risk, and all within the boundaries of our non-profit budget,” he added.
Today, New Tribes Mission uses Netsparker to scan more than 10 web applications at least once a week to ensure that there are no security holes that could be exploited by hackers.
According to Brower, the return on investment on Netsparker is already very high because: “Netsparker found a SQL injection vulnerability in one of our business critical web applications that, if exploited, would have resulted in total compromise of the application and its sensitive data.”
The web development team is also benefiting from Netsparker because the security scanner clearly explains where the vulnerabilities are and provides practical remediation solutions. Therefore, thanks to Netsparker, developers learn how to write secure code while they fix existing security issues.
Like any other software, Netsparker can have bugs, and, unfortunately, Brower encountered a bug while using Netsparker.
But this was not a problem for New Tribes Mission, as he explained: “Support has been great. We ran into a bug that was keeping us from using the product in a particular way, and within 24 hours, a new version was rolled out, enabling us to continue using the product.”
New Tribes Mission is steadfast in its goal of reaching people who have no access to the Gospel. That was the vision for our ministry when we were founded in 1942, and it is our vision today.
Netsparker Web Application Security Scanner is an industry leading automated web vulnerability scanner developed by Netsparker Ltd. Netsparker management and engineers have more than a decade of experience in the web application security industry that is reflected in their product. Netsparker is a very easy to use web application security scanner that automates most of the web application security scanning. An out of the box installation of Netsparker is able to scan a wide variety of web applications, therefore web security experts, penetration testers and QA engineers do not need to spend countless amount of hours tweaking and configuring the software. Netsparker is revolutionising web application security by being the only web application security scanner to automatically verify detected web vulnerabilities, thus reporting no false positives. Netsparker is used by world renowned companies such as Samsung, NASA, Skype, ING and Ernst & Young.