RPM Software develops cloud-based process management software for businesses operating in industries such as telecommunications, construction, oilfield services and government. It has been operating since 2001 and is based in Calgary, Canada.
As a cloud-based software developer and provider, RPM Software is responsible for the sensitive data its customers store in its solutions, so it cannot afford to take web application security lightly, as Mr Jade Ohlhauser, RPM Software CTO, explains:
Shouldn't every business take web application security seriously? Granted, but the challenge for cloud-based software developers and providers is much bigger than it sounds. Cloud-based software, also known as Software as a Service, is a collection of complex web applications that are available 24/7 for customers to use. So the task is not as simple as scanning a single website. You need a solution that can easily scale up, identify all the possible attack surfaces and help you automate as much as possible.
In the early days, the RPM Software team did manual web security audits and also hired third-party professional help. But as the business grew, with new features added and the solutions becoming more complex, things easily got out of hand.
After evaluating several solutions, RPM Software decided on Netsparker. They started with Netsparker Desktop but have since switched to Netsparker Enterprise because, as the RPM Software CTO explains, "the cloud account can be used from any machine and does not require managing local software."
Though it is not just the ease of use that got the RPM Software team hooked on Netsparker Enterprise.
The RPM Software team uses development and operational best practices, so they have never had to deal with a critical vulnerability. Netsparker did, however, once identify a cross-site scripting vulnerability in one of the services' error pages, on the staging website.
Hats off to RPM Software for leading by example and always double-checking and testing their code, both in a staging environment and when it is live. Had such a vulnerability made it to the live service, the consequences could have been different. Prevention is better than cure, and that is exactly what RPM Software is doing here: scanning their web applications for vulnerabilities and ensuring they are secure before they are migrated to a live environment, rather than dealing with a successful hack attack.
RPM Software has been trusting Netsparker's dead accurate scanning technology since 2010 and they have no intention of going anywhere else, because we have earned their trust.
"At inFactor, we believe that our security-focused culture is fundamental in helping protect our platform and customers. Netsparker enables our team to quickly identify vulnerabilities by launching scans after code gets committed. This is vital in helping us ensure we catch vulnerabilities early in our development process." Read the inFactor
"As opposed to other web application scanners we used, Netsparker is very easy to use and does not require a lot of configuring. An out of the box installation of Netsparker Web Application Security Scanner can detect more vulnerabilities than any other web application..." Read the ING
“We like Netsparker not only because it is able to be configured quickly, but also the scans themselves are completed quickly, reliably and without false positives (a large timesaver in and of itself).” Read the Sumeru