We needed a web-based DAST solution that many auditors could use together. We were using other products before, but we chose the Acunetix by Invicti Web Vulnerability Scanner for its detailed API functions and support for Login Sequence Recording/Custom Headers.
Located in South Korea, Kakao Corp is a company that connects people to the Internet and communications technologies they need to power their daily lives. Kakao has offered a wide range of services to customers since its establishment in 2010, from chat and banking applications to multi-cloud connectivity for businesses. As part of their process in designing and building innovative web applications, Kakao has an Invicti-backed security support system that helps them ensure their web assets are covered from development to deployment, keeping their data – and their customers’ data – secure.
Because the Kakao team is constantly opening new services in a variety of markets and revising or reforming existing ones, they needed a security tool that offered both manual and automated diagnostics, built on accuracy to find new vulnerabilities more efficiently. That meant integrating a web-based dynamic application security testing (DAST) solution and a static application security testing (SAST) tool, which together could handle complicated APIs and help them uncover issues earlier in the development process.
Web security is very important because most of Kakao’s service is provided on the Web. Vulnerabilities can affect a client’s trust for the services, so the preemptive measure is vital to provide these services safely.
Not only did they need to integrate security into existing processes and workflows seamlessly, but also the team knew how important it was to embed security at every major development step and provide access to the right people. With about 20 specialists dedicated to diagnosing vulnerabilities, their tool of choice also needed to be flexible, agile, and help reduce the amount of business resources that they were relying on.
One of the hurdles Kakao needed to jump in security was finding a way to scan web assets that require session verification. When surveying options, they found critical flexibility with features like Invicti’s Login Sequence Recorder and Custom Header Support, which enabled them to cater their security experience and begin scanning with consistent diagnostics.
The introduction of the Acunetix by Invicti Web Vulnerability Scanner reduced some of the business resources and increased some of the vulnerability detection rates for potential web applications during vulnerability diagnosis.
The Kakao team must frequently run through reviews and inspection procedures to apply specific security requirements and eliminate vulnerabilities, which is why they needed such reliable and flexible tools. To do this automatically and efficiently, they opted for Invicti security solutions that provide SAST and DAST results faster and with more accuracy. The team can now conduct security diagnostics entirely before they release a new service to the public – as opposed to just part of the service – to ensure that the new services and infrastructures in operation are safe and secure.
The Kakao team was able to seamlessly integrate Acunetix by Invicti into their environment on-prem, with adequate support from Invicti to help them begin scanning web applications in development right away. They’ve found the Login Sequence Recorder and Custom Header Authentication particularly useful when modifying Invicti’s automatic authentication to suit their website.
We built the Acunetix by Invicti Web Vulnerability Scanner into our own on-premise environment. Support was provided quickly, mostly based on email.
The Kakao team has also appreciated the benefits of detailed API functionality and an intuitive user interface, which makes their security processes even more seamless. Now, they’re supported by continuous vulnerability pattern updates that help them notice new trends in their threat landscape, and they can more easily configure parallelism in scans for boosted speed and efficiency on test-intensive builds.
With Invicti running smoothly within their existing development and security processes, Kakao Corp has been able to reduce some of their repetitive business resources and increase detection rates for web application vulnerabilities. With Invicti embedded into their software development workflows, they can continue building innovative web applications to provide their many customers with critical access to the technology they rely on every day.
"Acunetix is our vulnerability scanning tool of choice for situations where information security is a real concern and confidence in safety is key"JP Lessard President of Software Services
"Having used Acunetix since 2009, we find it an essential tool in protecting our interior critical systems and helping our customers protect their own systems."Chen Chiu Lin Researcher
"Acunetix has played a very important role in the identification and mitigation of web application vulnerabilities. Acunetix has proven itself and is worth the cost. Thank you Acunetix team."M. Rodgers Member of the US Air Force IT Security Team