Ensuring Efficient Developer Efforts with Comprehensive Pentesting
Knak sought out a trusted pentest vendor to improve testing quality and better align their security and compliance efforts with enterprise customer requirements.
Ottawa
MarTech
Series A $25M USD
110
Meta, Google, Uber, Amazon, Stripe, nVidia
Challenge
Knak was looking to enhance their security practices, particularly in light of their company's growth and their application, to ensure coverage and to keep zero-day vulnerabilities from getting into production. They needed evidence for enterprise customers with demanding legal and security teams that security issues had been resolved. Knak wanted to improve their security processes from start to finish, with the goals of improved testing quality, post-remediation communication, and maintaining best security practices in their operations.
Solution
Going into their second year of SOC 2, Knak felt comfortable with their security posture and opted to work with another vendor in their network to help manage costs. A large CSV output with false positives resulted in wasted remediation efforts on vulnerabilities that were not real. Knak needed a continuous pentest vendor they could trust to give them meaningful security vulnerabilities to fix and nothing else. Knak initially selected an annual Pentest 360 and then moved to PTaaS after an experience with another vendor who didn't meet their security needs.
Benefits
Knak received comprehensive pentesting tailored to their attack surface and unique business logic, resulting in 0 false positives. PTaaS was the best way to continue to confirm that their data protection and security strategies were aligned with SOC 2 Type 2 and ISO 27001 while helping their growing engineering team manage priorities.
Results
Since Knak has been continuously pentesting with Software Secured, they have reduced the number of vulnerabilities found with each pentest. More frequent penetration testing reduces the reputational and financial risks and ensures that your developers can focus on vulnerabilities that matter and are less likely to introduce new unsecured code. They now have continuously updated internal and external reports so they can provide a summary report to clients, executives and board members as they continue to accelerate their sales process.
"Having worked with other vendors, I am always impressed with the vulnerabilities found by the Software Secured team. The reproduction steps are always very detailed and easy to follow. They've been very responsive whenever we ask for some ad-hoc testing as part of our PTaaS agreement. Overall, Software Secured has been a great part of our extended team."
Joel Chretien,
Chief Architect at Knak
"I have seen many pentests in the past - I am really impressed with their level of testing - really good stuff."
Paul Brohman,
CTO at Knak