MullenLowe Profero brings application security testing in-house for faster and more accurate scans
“Invicti is the perfect fit for us. We are able to manage everything via a cloud environment and we can set up as many tests as we want, whenever we want. Integration with Jira and other platforms allows us to easily monitor everything and respond to any issue in a timely manner.”
– Alessandro Grena, CEO, MullenLowe Profero China
MullenLowe Profero is a high-standard digital agency with a big in-house development team. Recognized as one of the leading global customer experience agencies, it brings outsourcing capabilities to the agency world, understanding marketing requirements to deliver the right user experience through its creative, production, and development services.
Taking control of security testing
MullenLowe Profero is a digital transformation agency that builds digital applications, ecommerce solutions, and CRM systems for its clients. The applications it delivers often process consumer data and critical business information, so security is a top priority. The company uses agile software development methods in a DevOps model, but outsourced security testing was not keeping pace with development. The approach was also not cost-effective, as each security scan was a separate cost item for the company.
“We previously outsourced security scans, but due to the nature of agile, it was hard to book testing months in advance. We also need to test multiple times along the development and maintenance process,” explains Alessandro Grena, CEO of MullenLowe Profero China. “Considering the costs and the inflexibility of using external providers, we really needed our own solution.”
A flexible solution to bring application security in-house
The company needed a way to run accurate vulnerability scans whenever they were necessary and in any environment: development, staging, and production. The decision was made to bring application security testing in-house. “What we wanted was a cloud solution that could retain historical data and didn’t need a dedicated infrastructure to run,” says Grena. With its flexible deployment options, workflow integrations, and vulnerability management capabilities, Invicti was a perfect fit for the company.
DevOps integration and custom scan agents for maximum efficiency
To build security testing into its existing DevOps workflows, MullenLowe Profero used Invicti’s out-of-the-box Jira integration functionality. Whenever Invicti finds a vulnerability, it automatically creates a Jira ticket with the right description and priority and assigns it to the right person. When the developer submits a fix and marks the Jira ticket as resolved, Invicti automatically runs a rescan to test the fix.
“With Invicti’s flexibility, we are able to create custom scan agents located within our infrastructure. We can then execute scans using an agent near the server or even within a client’s server infrastructure,” says Alessandro Grena. This approach optimizes scan performance and allows the company to test for vulnerabilities both with and without a web application firewall to get a full picture of application security.
Accurate scanning in development and production whenever it’s needed
Ongoing security testing for existing deployments is part of the maintenance service that MullenLowe Profero offers to its clients. Thanks to Invicti, the company can now run vulnerability scans as often as it needs during both development and maintenance at no extra cost. Grena is also impressed with the reporting capabilities: “We keep scanning sites on maintenance and we share Invicti scan reports with our clients to satisfy their requirements. This security maintenance service is integrated with our delivery process.”
By bringing application security testing in-house, the company has streamlined the scanning and issue resolution process, making it faster and more cost-effective. “Using our custom agents, we can ensure the fastest scans are executed. Third-party companies might need 3 to 4 days to run a complete scan – we can do it within 2 days because of this flexibility,” concludes Alessandro Grena. In combination with Invicti’s reporting capabilities, this allows MullenLowe Profero to deliver the best experience both for its clients and the customers that use their sites.