Automating penetration testing and providing a groundbreaking view of software development risk.
Edinburgh Airport, located in Scotland, United Kingdom, is one of the country’s busiest airports.
Edinburgh Airport is well known as being an innovator, which extends to the types of custom software it was building and deploying. They are also one of the fastest-growing companies in the UK.
Like many large organisations, Edinburgh Airport has over 20 applications they manage and develop internally. These applications cover everything from parking systems and flight arrival/departure information to web applications used to book airspace over the airport.
All of these systems contain critical data - information about customers, staff and suppliers. A lot of their key infrastructure relies on the software they manage and develop themselves.
Penetration testing could no longer keep up.
Previously Edinburgh Airport released software a couple of times per year, with matching penetration testing.
However, as part of an internal drive to innovate faster and release software more frequently, its developers wanted to release software faster than penetration testing could keep up with. It also became apparent that more frequent penetration testing would see development prices soar.
The team at Edinburgh Airport looked at using one of the many security testing tools, but they had lower quality results and required too many resources from an already stretched IT team.
The solution
The Uleska Platform provides automated penetration testing and risk visualisation. It allows companies to keep their software security testing as ‘agile’ as their software development.
Uleska does this by running a wide range of software security testing tools automatically and then combining the results into easy-to-read, actionable outcomes.
It also allows organisations, like Edinburgh Airport, to prioritise the results of their software security testing by the severity of vulnerabilities or the financial risk that they represent.
This means that organisations can do more high-quality testing, faster and with reduced staff.
Stakeholders, including management, auditors, and software teams can easily manage security challenges without upskilling or slowing feature releases.
Quick time to value and impressive results
Within weeks of Uleska being deployed, the Edinburgh Airport team was able to perform automated penetration style testing against their most popular applications.
Rather than waiting up to 12 months to find out about vulnerabilities, their developers could see vulnerabilities in near real-time when adding new code.
Once issues were identified, Edinburgh Airport used Uleska’s reports and dashboard to prioritise the most important issues, using Uleska’s automated assessment of the business risk of the vulnerabilities as a key factor in prioritisation.
In one web application alone, Edinburgh was able to prioritise vulnerabilities and remediate them before the code changes went live, which decreased the future risks the organisation faced by over £1.5m.
Quotes
Denis McIlroy, Head of IT Architecture and Security – “Uleska has fundamentally changed the way we achieve secure software development. It allows us to innovate at the speed we want to rather than being shackled to yearly penetration testing. I can now see weekly the security issues we have in a clear dashboard and can prioritise their resolution quickly and effectively.”
Berit Jimmink, Head of Digital says – “Uleska proved to be very straightforward for us to deploy. After only a couple of days, with the help of their responsive and friendly staff, we were up and running and already seeing the value.”