Penetration Testing & Secure Code Review for Security Maturity
Since launching, Knot has been a go-to solution for card issuers looking to increase user spend and reduce churn. Knot's API lets card issuers instantly update card-on-file information at almost any merchant with just a few lines of code, meaning an easier onboarding experience for consumers and more revenue and retention for the bank.
New York, NY
Fintech
Series A $10M USD
40-60
Challenge
Knot API is gaining traction in their market, building enterprise partnerships and client relations with large financial institutions. They had been disappointed with the lacklustre results from their previous pentest vendor and needed a partner who understands the stringent security requirements their clients need met to continue gaining trust.
Solution
Knot API selected both a secure code review and grey-box web application and API pentesting with Software Secured. Used with a penetration test or on its own, secure code review helps zoom in on particular pieces of software, as all code paths and running conditions of the application are inspected and tested, giving a comprehensive view of secure coding practices.
Combining code review, which identifies the instances of a vulnerability within the code, with penetration testing increases the chance of finding as many vulnerabilities as possible during the engagement.
Benefits
Software Secured uncovered critical and high vulnerabilities that exposed risk for Knot API. They worked with the team through remediation efforts to ensure these gaps were closed immediately after identification and retested to confirm risk had been eliminated.
Results
Software Secured approached the relationship from a consultative, educational point of view, working beside Knot API to help them choose the right security investment for their growth stage.
"Software Secured not only delivered a high-quality report with meaningful vulnerabilities, they also took time to understand all of our team's requirements and educate us on how best to approach source code review in tandem with pentesting. Finding a pentest vendor that has vast experience and expertise in both areas allowed us to be confident in our security posture, and made it easier to gain trust with new clients."
Pablo Rozic,
Head of Product at Knot API