dscout is a research tool that captures thoughts, reactions and behaviors in moments as they happen. The web platform and mobile app enables companies to discover how people experience products, services, and everyday life - in context. Progressive pentesters can gather media-rich qualitative feedback in video, voices, images and text, and then analyze it within a quantifiable framework.
The world’s largest tech, retail and consulting companies use the dscout SaaS to scale and simplify their primary research at an unprecedented level. As users capture their valuable moment-to-moment experiences, it’s important for dscout to keep the platform and data secure.
Modern SaaS Security
Being a SaaS business with high profile customers such as Google, Intel, and Microsoft, dscout needs to maintain and display a high level of security. However, finding the right security service can be challenging, especially when running an advanced web platform, an API, and iOS and Android apps.
Nick Terkay, Director of Engineering at dscout, had been scouting for different security vendors. Nick and his team were looking for:
- An effective way to test the security of their full stack (Web, iOS, Android and API)
- A way to show their existing and new customers their security level
When he heard about Cobalt, he was immediately intrigued by the modern approach. Nick explains:
"As a modern SaaS business we want to work with innovative vendors who can give us the best solution out there. Cobalt seemed to fit right into this category."
After a short evaluation comparing Cobalt to more traditional vendors, Nick and dscout decided to move forward with Cobalt's agile pentest solution.
Testing the Full Stack
The security testing was set up so that dscout would have a security expert from the Cobalt Core curating and leading the testing. This curator was supported by technical domain experts specifically matched to each application.
For each Cobalt penetration test, the testing team ensures:
- Coverage of OWASP top 10, such as SQL Injections, CSRF and XSS.
- Security testing of specific application logic using out-of-the-box thinking
By utilizing Cobalt’s global talent pool, dscout was able to test the full stack effectively without compromising on quality. The first pentest was initiated and Nick was highly satisfied with the results.
"We were very impressed with the testing done by the Cobalt security community. The Pentesters were able to cover the basics, as well as deliver creative in-depth testing and findings."
Each individual finding from the security test was submitted on Cobalt Central with details such as steps to reproduce, criticality assessment, suggested fixes, and screenshots. This made it easy for dscout to understand each finding and if they had additional questions they could quickly ask the pentesters through the built-in report comments.
After the testing was completed the pentesters were also available to support dscout on re-testing fixed findings, a process that was very efficiently controlled via the Cobalt platform. Nick explains:
"We wanted to fix the findings as fast as possible and Cobalt’s pentesters were always ready to help. They answered our questions and verified our patches in a timely manner, which made our lives much easier."
On top of the individual findings, a summary report for each application was delivered. The summary report gives dscout the capability to share the results and status of the fixes with customers and other key stakeholders.
While the individual findings were great for fixing issues internally, the summary report has been great for communicating security externally.
"Now we have a trustworthy way of showing our enterprise customers that security is important to us and that we are actively working on keeping our applications as secure as possible."
By using Cobalt’s modern pentest approach, dscout has been able to:
- Access pentesters with the right application security skills - Web, Mobile, API
- Leverage a modern technology platform to follow the testing and manage the findings
- Demonstrate to stakeholders and customers that they take security seriously
"Cobalt has given us an agile, effective and modern security testing approach, which I would highly recommend to any online business looking for pentesting"
- Keep the security of the platform at the highest level possible
- Show customers their security level and their active protection of applications
- Deploy Cobalt’s Agile Penetration Testing Solution
- Access to pentesters with the right application security skills - Web, Mobile, API
- A modern technology platform to monitor the testing and manage the findings
- A summary report to share with stakeholders