The Bangladesh E-Government Computer Incident Response Team: Efficiency with Acunetix

After implementing Acunetix, we can support many more requests and we can provide reports to clients much faster

The Challenge: Rapidly Assessing Vulnerabilities for Many Customers at Once

The Bangladesh E-Government Computer Incident Response Team (BGD e-GOV CIRT) is a government unit with a mission to support government efforts to develop and amplify ICT programs by establishing incident management capabilities within Bangladesh. BGD e-GOV CIRT performs many services associated with IT security, but one of its primary activities is vulnerability assessment and penetration testing (VAPT).

The 35-person team receives requests from other government units, performs VAPT, and provides the reports. The number of requests is large in relationship to the size of the team and therefore, BGD e-GOV CIRT was struggling to handle many such requests at once. The volume of requests made it impossible to perform vulnerability assessment manually. The team also found it hard to provide meaningful reports.

Before implementing Acunetix, BGD e-GOV CIRT was using open-source tools. However, the team found that such tools are not enough to provide high-quality services. Therefore, upon consideration of several solutions, they went ahead with Acunetix.

The Solution: Authenticated Scanning, Proof-of-Concept, Remediation Advice

The BGD e-GOV CIRT team uses Acunetix every day, for every VAPT request. They especially appreciate the fact that they can scan complex single-page applications (SPAs) and authenticated areas (using the Login Sequence Recorder). The tool saves them a lot of time, making it possible to support many more requests than it was previously possible.

It is very difficult to manually assess websites or applications for vulnerabilities. It is also time-consuming. We found that our work improved significantly after we implemented Acunetix.

Acunetix is an industry-leading web security solution with lots of advanced features to scan modern websites or applications including SPAs. It has several industry reporting formats including compliance reports and it really helps make life easier.

Another aspect that is important for the BGD e-GOV CIRT team is customer satisfaction. They find that their customers are very satisfied with standard Acunetix reports, which provide not only proof-of-concept but also contain remediation advice and a lot of additional information for developers.

Benefits

• Efficiency
  The BGD e-GOV CIRT found that using Acunetix, they significantly increased the throughput of the team, making it possible to work for many customers at once.
• Customer Satisfaction
  The BGD e-GOV CIRT discovered that their clients are very happy with Acunetix reports. They get detailed information about the vulnerability, proof-of-concept, as well as helpful links and direct remediation advice for developers.
• Full Automation
  The BGD e-GOV CIRT previously used open-source tools and found that it was impossible to scan single-page applications (SPAs) and authenticated areas. Acunetix lets them do that automatically, greatly reducing the need for manual work.