MullenLowe Profero is a high-standard digital agency with a big in-house development team. Recognized as one of the leading global customer experience agencies, it brings outsourcing capabilities to the agency world, understanding marketing requirements to deliver the right user experience through its creative, production, and development services.
MullenLowe Profero is a digital transformation agency that builds digital applications, ecommerce solutions, and CRM systems for its clients. The applications it delivers often process consumer data and critical business information, so security is a top priority. The company uses agile software development methods in a DevOps model, but outsourced security testing was not keeping pace with development. The approach was also not cost-effective, as each security scan was a separate cost item for the company.
“We previously outsourced security scans, but due to the nature of agile, it was hard to book testing months in advance. We also need to test multiple times along the development and maintenance process,” explains Alessandro Grena, CEO of MullenLowe Profero China. “Considering the costs and the inflexibility of using external providers, we really needed our own solution.”
The company needed a way to run accurate vulnerability scans whenever they were necessary and in any environment: development, staging, and production. The decision was made to bring application security testing in-house. “What we wanted was a cloud solution that could retain historical data and didn’t need a dedicated infrastructure to run,” says Grena. With its flexible deployment options, workflow integrations, and vulnerability management capabilities, Netsparker was a perfect fit for the company.
To build security testing into its existing DevOps workflows, MullenLowe Profero used Netsparker’s out-of-the-box Jira integration functionality. Whenever Netsparker finds a vulnerability, it automatically creates a Jira ticket with the right description and priority and assigns it to the right person. When the developer submits a fix and marks the Jira ticket as resolved, Netsparker automatically runs a rescan to test the fix.
“With Netsparker’s flexibility, we are able to create custom scan agents located within our infrastructure. We can then execute scans using an agent near the server or even within a client’s server infrastructure,” says Alessandro Grena. This approach optimizes scan performance and allows the company to test for vulnerabilities both with and without a web application firewall to get a full picture of application security.
Ongoing security testing for existing deployments is part of the maintenance service that MullenLowe Profero offers to its clients. Thanks to Netsparker, the company can now run vulnerability scans as often as it needs during both development and maintenance at no extra cost. Grena is also impressed with the reporting capabilities: “We keep scanning sites on maintenance and we share Netsparker scan reports with our clients to satisfy their requirements. This security maintenance service is integrated with our delivery process.”
By bringing application security testing in-house, the company has streamlined the scanning and issue resolution process, making it faster and more cost-effective. “Using our custom agents, we can ensure the fastest scans are executed. Third-party companies might need 3 to 4 days to run a complete scan – we can do it within 2 days because of this flexibility,” concludes Alessandro Grena. In combination with Netsparker’s reporting capabilities, this allows MullenLowe Profero to deliver the best experience both for its clients and the customers that use their sites.