Morneau Shepell, an international pension administration and benefits company, was founded in the eighties as SOBECO. The company merged with Morneau in 1995 to become Morneau Sobeco. Later in 2006 Morneau Sobeco acquired Shepell FGI to become Morneau Shepell. Today Morneau Shepell serves more than 8,000 clients, ranging from small businesses to some of the largest corporations and associations in North America.
Morneau Shepell's websites and web applications are built with .Net framework and run on a number Microsoft IIS servers. Web applications are used by both employees and business partners to gain access to the personal accounts and information of their clients' to make pension investments and payments.
Prior to Netsparker, the company used Nessus as their primary web application security scanner; but as Security Analyst Mihai Petre highlights:
Netsparker Web Application Security Scanner is now being used to carry out monthly scheduled web application security scans using credentials, and also daily ones when the need arises.
If a web application were hacked and sensitive data leaked or stolen, the company could suffer severe financial and regulatory compliance problems.
When Morneau Shepell started using Netsparker three years ago, they realized that many of their websites needed improvements in mitigating SQL Injections, Cross-site Scripting (XSS) and other vulnerabilities.
Using Netsparker they identified and confirmed particular cases where sites were vulnerable and quickly deployed fixes. Now, the security team is confident that their web applications are secure.
Established in 1966, Morneau Shepell serves more than 8,000 clients, ranging from small businesses to some of the largest corporations and associations in North America. With approximately 3,000 employees in offices across North America, Morneau Shepell provides services to organizations across Canada, in the United States and around the globe. Morneau Shepell is a public-traded company on the Toronto Stock Exchange (TSX: MSI).
“Netsparker are not just another vendor from where we purchase any other software, they are like business partners. We have to trust their products do a good job to ensure the security of our cloud-based platforms, else our business’ reputation could on the line. And Netsparker have earned such trust.”Read the RPM
"As opposed to other web application scanners we used, Netsparker is very easy to use and does not require a lot of configuring. An out of the box installation of Netsparker Web Application Security Scanner can detect more vulnerabilities than any other web application..."Read the ING
“We like Netsparker not only because it is able to be configured quickly, but also the scans themselves are completed quickly, reliably and without false positives (a large timesaver in and of itself).”Read the Sumeru