Who can tell it better than the customer himself? This is not the ordinary case study. This is an interview with Tom Mallory, ProfitKeeper’s IT Ninja. In this interview, Mr Mallory explains why he chose Netsparker Web Application Security Scanner and how it helped him improve the security posture of the web applications that he manages.
When you wear as many hats as I do, I think the only option is to refer to yourself as an IT Ninja. Right?
ProfitKeeper has been in business for over 13 years, teaming with franchisors to help them increase their profits. Although we provide services to very large, established franchises, we pride ourselves in individualized attention to all our partners no matter the size.
From a technical standpoint, we’re in the Finance/Analytics industry because that is the type of data we’re working with. But we’re also in the customer service business in the sense that we have clients/customers who trust and rely upon not only the data we provide them but also our ability to keep that data safe.
Our web applications are built with .NET. They run on Microsoft’s IIS web server and use the Microsoft SQL server as a database backend. We currently manage three web applications that are responsible for generating data surrounding KPIs, royalty reporting, business accounting and payroll.
We have been using Netsparker for about one year now. It’s essentially the first time that we’ve relied upon a third-party automated web application security scanner to perform a thorough penetration test.
A major point of attraction, at least initially, was the number of positive reviews. We were impressed by the amount of positive feedback from your existing customers and also the calibre of the companies who were already using Netsparker.
Once we dove into using Netsparker (which right now is about once per week) we were impressed by the ease of setup and ongoing use. I wish I could comment on support but we haven’t really had any issues to speak of.
Believe it or not, in the years prior to using Netsparker we were performing all of our testing manually. You don’t really realize how much time and effort an automated web application security scanner can save you until you try it. Moving back to a manual process seems unfathomable at this point in time.
A large part of our decision to begin using Netsparker came from our long-term acknowledgement that we need to do everything in our power to ensure that our clients’ data is safe and secure.
With both personally identifiable information and financials being at risk, we already understood the importance of continually minimizing the ways in which a malicious hacker could access critical information.
As you know, performing manual penetration testing is an arduous process. Netsparker not only makes us faster but also better. Netsparker, and the automation it provides, has allowed us to make our processes as efficient as possible while building more secure web applications.
One feature which also helped us significantly reduce the probability of human error is the Proof-Based Scanning™ technology, which automatically verifies the identified vulnerabilities. That’s a lifesaver for me, because I do not need to know how to reproduce every vulnerability that’s out there.
As regards the findings in our web applications, although we found our code to be void of vulnerabilities, Netsparker helped to confirm this in addition to allowing us to find areas of code that had the potential to cause security issues such as SQL Injection vulnerabilities.
An often overlooked benefit of Netsparker: It makes you more aware of areas that present the potential for security vulnerabilities.
Netsparker was extremely easy to set up and use, but provided world-class information on potential web application vulnerabilities that, if exposed, could cost us our company.
“Netsparker are not just another vendor from where we purchase any other software, they are like business partners. We have to trust their products do a good job to ensure the security of our cloud-based platforms, else our business’ reputation could be on the line. And Netsparker have earned such trust.”
“As opposed to other web application scanners we used, Netsparker is very easy to use and does not require a lot of configuring. An out of the box installation of Netsparker Web Application Security Scanner can detect more vulnerabilities than any other web application...”
“We like Netsparker not only because it is able to be configured quickly, but also the scans themselves are completed quickly, reliably and without false positives (a large timesaver in and of itself).”