Indonesian Financial Services Company Selects Invicti For Deeper Web Application Security Analysis and Comprehensive Reporting

We needed a solution for assessing application security, especially customer-facing web applications. For this reason we needed a more robust way of security assessment, which led us to Invicti.

A large bank in South-East Asia, employing over 7000 staff, was looking for a way to improve the security of its customer-facing web applications. As with any large financial institution, web application security is crucial to ensure the protection of thousands of daily customer transactions and the vast amounts of confidential data generated.

Challenge: The Growing Threat of Attacks on Sensitive Data of Bank Customers

The bank was launching a new planning & initiative project that included a requirement to procure and implement solutions to improve web security. The project was driven by two formidable challenges: the growing number of web applications required to fulfill the expectations of bank customers, and moving from a traditional on-premises setup to the cloud.

The bank’s web security team already had a web application security scanner in place, but were on the hunt for a more robust solution that would allow detailed security auditing for their many web applications, especially the customer-facing ones.

Solution: Deeper Insight into Web Application Security with Invicti

After taking a Invicti trial and comparing available capabilities to their previous web application security scanner, the bank chose Invicti as their vulnerability scanning solution, enabling the security team to gain a more in-depth view of web application security.

Benefits

Solution: Deeper Insight into Web Application Security with Invicti

  • Better visibility of potential vulnerabilities that could be exploited by malicious hackers
  • Ability to conduct multiple scans simultaneously
  • Deeper crawling ability than other scanners
  • Support for more aggressive penetration testing
  • Detailed analysis reports complemented by remediation guidelines
  • Vendor openness to new feature suggestions

Invicti’s Customizable Scans Could Detect Vulnerabilities Other Scanners Could Not

Invicti’s scanning engines allowed deeper and more detailed crawling than other scanners trialed by the bank, including optional parameters for further customization. Combined with authentication support, this gave the security team a better overall view of all the vulnerabilities that could be exploited by attackers. The available scanning features also allowed security professionals to conduct more aggressive manual penetration testing, if required.

In addition, Invicti offered the ability to launch multiple simultaneous scans and schedule regular scans for website groups. Such continuous scanning ensured a regular and up-to-date supply of scan reports, complete with detailed guidance on implementing fixes for each detected vulnerability.

The bank’s team was especially impressed with the level of care provided by Invicti’s support professionals, whose solid backing helped the security staff get up and running quickly and efficiently.

Using Invicti Increases Both Accuracy and Efficiency

While the initial goal was to obtain deeper insights into the security of their web applications, the bank’s security team reported that introducing Invicti also made their process more efficient.

We have become more efficient in our scanning process and have achieved more accurate results by using Invicti.

The performance gains were a direct result of using Invicti’s customizable scan settings to get more accurate results by avoiding unnecessary scanning parameters. Management also noted that fixes were now being implemented faster, as developers were receiving an up-to-date stream of detected vulnerabilities along with detailed remediation guidelines.

Turn your security process into a success story