Capturing Mobile Security Through Comprehensive Penetration Testing

Challenge

CompanyCam was in the process of fulfilling their SOC 2, and needed to meet specific audit timeline requirements while adhering to service level agreements (SLAs) and continuing business as usual. CompanyCam wanted to increase the scope of their pentest beyond compliance requirements.

Solution

CompanyCam was looking for a partner that could help guide them to mature their security program, making responding to customer security questionnaires faster, while maintaining their commitment to SOC 2 compliance. Referred by their vCISO Eden Data, as well as a trusted peer, it became clear that Software Secured gets startups. CompanyCam opted to conduct a grey box application and mobile pentest with Software Secured.

Benefits

Software Secured’s mobile pentesting expertise paired with their threat modelling and custom chained attacks gave CompanyCam the confidence in their application security, without breaking the bank.

Results

Software Secured’s pentest offer came in at roughly the same price as CompanyCam’s vendor the previous year. However Software Secured found 10x the number of real vulnerabilities than the previous provider did. Not only did the pentest result in meaningful security risk being exposed, it also helped the CompanyCam team remediate high priority vulnerabilities immediately, prior to report delivery, furthering their SOC 2 Access Control efforts and protecting client data.

Software Secured’s comprehensive approach to penetration testing and mobile expertise led to finding more vulnerabilities than our previous vendors. The team was also more communicative, engaged, and helpful along the way. The report we received included steps to identify, reproduce, and remediate the found vulnerabilities, and the Software Secured team made themselves available to talk through any details. I’m very impressed with their work’s level of care and detail."

Kevin Scully,
VP of Engineering at CompanyCam