A large bank in South-East Asia, employing over 7000 staff, was looking for a way to improve the security of its customer-facing web applications. As with any large financial institution, web application security is crucial to ensure the protection of thousands of daily customer transactions and the vast amounts of confidential data generated.
The bank was launching a new planning & initiative project that included a requirement to procure and implement solutions to improve web security. The project was driven by two formidable challenges: the growing number of web applications required to fulfill the expectations of bank customers, and moving from a traditional on-premises setup to the cloud.
The bank’s web security team already had a web application security scanner in place, but was on the hunt for a more robust solution that would allow detailed security auditing for their many web applications, especially the customer-facing ones.
After taking a Netsparker trial and comparing available capabilities to their previous web application security scanner, the bank chose Netsparker as their vulnerability scanning solution, enabling the security team to gain a more in-depth view of web application security.
Netsparker’s scanning engines allowed deeper and more detailed crawling than other scanners trialed by the bank, including optional parameters for further customization. Combined with authentication support, this gave the security team a better overall view of all the vulnerabilities that could be exploited by attackers. The available scanning features also allowed security professionals to conduct more aggressive manual penetration testing, if required.
In addition, Netsparker offered the ability to launch multiple simultaneous scans and schedule regular scans for website groups. Such continuous scanning ensured a regular and up-to-date supply of scan reports, complete with detailed guidance on implementing fixes for each detected vulnerability.
The bank’s team was especially impressed with the level of care provided by Netsparker’s support professionals, whose solid backing helped the security staff get up and running quickly and efficiently.
While the initial goal was to obtain deeper insights into the security of their web applications, the bank’s security team reported that introducing Netsparker also made their process more efficient.
The performance gains were a direct result of using Netsparker's customizable scan settings to get more accurate results by avoiding unnecessary scanning parameters. Management also noted that fixes were now being implemented faster, as developers were receiving an up-to-date stream of detected vulnerabilities along with detailed remediation guidelines.
“Netsparker are not just another vendor from where we purchase any other software, they are like business partners. We have to trust their products do a good job to ensure the security of our cloud-based platforms, else our business’ reputation could be on the line. And Netsparker have earned such trust.”
"As opposed to other web application scanners we used, Netsparker is very easy to use and does not require a lot of configuring. An out of the box installation of Netsparker Web Application Security Scanner can detect more vulnerabilities than any other web application..."
“We like Netsparker not only because it is able to be configured quickly, but also the scans themselves are completed quickly, reliably and without false positives (a large timesaver in and of itself).”