A large international financial services organization, with offices, employees and customers all over the world, creating a complex infrastructure of applications.
Due to the nature of the business, an increasing number of these applications are web-based. Many of these are custom-built, although some are third-party, for both employee and client systems.
With the ever- increasing threat of a security breach, it is essential the organization has a full handle on its security posture, but balances this with the management of potentially spiralling security costs.
|Challenge||Jennifer manages an eight-strong security team, within the financial services organization. The team’s skills are generalist in nature, and they perform a variety of audit-based work. They do a small amount of hands-on web application testing, but outsource most of this work to technical specialist consultants.|
|Solution||The team has recently found that Burp Suite Scanner strongly complements their own basic testing skills. Using Burp Suite Scanner, the team is able to take on more of the hands-on testing themselves. They can now find and fix a lot of common vulnerabilities earlier in the development lifecycle. The team still uses external specialists for more difficult tests, but the scope of the outsourced work is smaller than it was previously.|
|Benefits||Within a few weeks of installing and using Burp Scanner, the consulting costs have fallen by around 15%. The team is also happy to be doing more hands-on testing, and developing their technical capabilities.|
Burp has reduced the need for outside consultants, allowing the organization to manage the cost of security testing more effectively.Jennifer Parker
Security Team Manager