Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Aircall

Aircall was looking for a security partner that could provide pentesting on demand, something that could be scheduled on a regular basis but still allow flexibility to allow for testing when it was needed.

Aircall Turned to Pentest as a Service to Meet Its Security Needs

Aircall is a cloud-based phone system that allows companies in more than 100 countries to buy phone numbers and set up call centers. With the rapid acceleration for demand in terms of phone calls, the communication platform is transmitting and storing hundreds of thousands of bits of data from voice calls and voice recordings each day. Untold numbers of those calls involve sensitive information that customers expect to be protected at the highest level.

Pierre-Baptiste Béchu, Director of Platform & Infrastructure at Aircall, recognized that in order to build the best-in-class scenario for the security of the platform, his team worked to maintain a thorough understanding of the vulnerabilities throughout the software development lifecycle, from development to end-user.

Challenges

Béchu and the leadership team wanted to create greater security awareness throughout the organization, as well as ensure that potential security threats were tackled throughout the entire SDLC.

The security solution needed to scale to Aircall’s growing customer base, but the team also needed to work with security professionals who understand modern businesses and their very specific security needs. What Béchu wanted pentesting on demand, something that could be scheduled on a regular basis but still allow flexibility to allow for testing when it was needed.

Solution

Aircall turned to Cobalt for its Pentest as a Service (PtaaS) solution. Cobalt offers flexible and cost-effective delivery and consumption model where pentests are packaged and easily redeemed any time through the contract period for a continuous and carefree pentesting experience. The fast, flexible, and on-demand start times appealed to the Aircall team, who wanted the ability to call on modern security professionals at any time, as opposed to set quarterly or annual testing.

By doing pentesting on a frequent basis, Aircall was able to ensure a strong security awareness throughout the organization, as well as strengthen its overall application security program. Béchu especially appreciated the ability to work with modern security professionals who come to the testing with deep product knowledge and understanding of the business logic. This allowed for a more thorough and accurate pentesting experience by Cobalt.

Cobalt’s approach fits seamlessly into Aircall’s Software Development Lifecycle. Any potential vulnerabilities are pushed directly to their backlog where developers are able to action them like any other ticket. Aircall also took advantage of GitHub + JIRA integrations. Developers were sent issues directly to their backlog through integrations that didn’t change or impact the way they already worked. It was a seamless development handoff. Béchu said,

“What surprised me the most was the ability of pentesters to go deeply into the product and into the usage of the product itself.”

The pentesters were able to discover and comment on threats that were directly related to Aircall’s core product. Because of this ability to dive deep into the product, the Cobalt pentesters are able to find issues that are impactful to the business.

Key benefits

  • Pentesters with diverse & modern skillsets
  • Seamless SDLC integrations
  • Deep application/product knowledge and understanding for business impact
  • Flexible pentest scheduling