The Journey to PCI DSS Compliance: Securing a Flagship Product
Austin, Texas
E-commerce
51-200 employees
Tekpon, Capterra, TrustRadius, G2
Challenge
Over the past year, ThriveCart significantly expanded its e-commerce product development team to support the rapid growth and scaling of its product suite. As part of this growth, the team prioritized strengthening security across the platform to ensure ongoing reliability and trust for their customers. ThriveCart sought a comprehensive, actionable security assessment with zero false positives, enabling their development team to focus on addressing real security risks efficiently and effectively.
Solution
Software Secured presented ThriveCart with the Pentest 360 package, an application and infrastructure pentest mapped to 5 industry standards (OWASP Top 10, SANS Top 25, WSTG, ASVS, NIST). Pentest 360 includes custom business logic testing, consultative support with actionable remediation steps, and 3 rounds of retesting to validate remediation efforts.
Benefits
Software Secured identified key security weaknesses in an inherited product, which helped the technical team understand the product code, architecture and security risks. Remediation support can make a large difference in preventing future vulnerabilities for your development team. With Pentest 360, ThriveCart has enhanced an already strong security foundation, further strengthening their approach with comprehensive external, internal, and segmentation testing in alignment with industry best practices and PCI DSS requirements.
Results
Since engaging in their Pentest 360, ThriveCart has significantly reduced risk and improved product security. ThriveCart prioritized remediation and retesting of vulnerabilities to further strengthen an already solid security posture, ensuring their product suite could continue to grow securely and effectively.
"The Software Secured team was very knowledgeable in their domain. After an overview of the product and provisioning them stage accounts, they were able to effectively attack our product from all angles. Their test plan was significantly more thorough than any automated tooling. When the first round of testing was complete, the team prepared a report that was broken down into digestible issues. Each issue had detailed reproduction steps and the team was available to help explain anything we were unsure about. Overall, I feel much more confident in our security efforts as we continue to grow now that we have undergone this pentest."
Lucas Harrison,
Head of Software Engineering