
Zoopla's Application Security Enhancement with Rapid7 InsightAppSec

Technology Category
  • Application Infrastructure & Middleware - Event-Driven Application
  • Cybersecurity & Privacy - Application Security
Applicable Industries
  • Buildings
  • National Security & Defense
Applicable Functions
  • Product Research & Development
  • Quality Assurance
Use Cases
  • Experimentation Automation
  • Tamper Detection
Services
  • Testing & Certification
  • Training
The Challenge
Zoopla, a London-based real estate portal, faced a significant challenge in maintaining the security of its applications. With over 60 million visits a month to its flagship property website and application, the company had to ensure the utmost security for its users. The company's security team, led by Application Security Engineer Alikhan Uzakov, was responsible for guiding hundreds of Zoopla developers through the application security testing process. This included conducting training and helping developers embed security tooling into their processes to ensure the security testing of new features and products before their release. However, with only three staff members, the security team found it challenging to support the vast number of developers.
About The Customer
Zoopla is a leading real estate portal based in London, England. The company serves property buyers, sellers, and renters, offering property research and sales and rental listings to help its users make informed decisions. Zoopla lists over a million properties in the United Kingdom and the Netherlands and registers more than 60 million visits a month to its flagship property website and application. The company works with several hundred application developers, helping real estate agents kick-start their businesses by creating their own websites and offering them training. Zoopla is more than just a website; it is a comprehensive business that supports a wide range of real estate professionals.
The Solution
To address this challenge, Zoopla turned to Rapid7 InsightAppSec, a tool that provides Dynamic Application Security Testing (DAST). Uzakov had previous experience with this tool, but he put it through a trial to ensure it met Zoopla’s specific requirements. After testing, evaluating, and comparing several appsec tools based on price, functionality, and the level of support vendors provided, they chose InsightAppSec. The tool allowed Zoopla to automate security testing as part of the development process, assess modern web apps and APIs with fewer false positives and missed vulnerabilities, fast-track fixes with rich reporting and integrations, and scale easily by assessing the security of an application portfolio, regardless of its size. InsightAppSec also enabled them to scan web applications to identify vulnerabilities like SQL Injection, XSS, and CSRF.
Operational Impact
The implementation of Rapid7 InsightAppSec has had a significant impact on Zoopla's operations. The tool's intuitive interface has empowered developers to conduct security testing themselves, reducing the burden on the security team. This has also enhanced coordination with all stakeholders, including Legal and IT departments, as well as external customers. The security team has been able to demonstrate InsightAppSec to developers in engineering meetups, raising general awareness about the tool and its capabilities. The response from developers has been overwhelmingly positive, with several teams requesting to embed InsightAppSec in their projects. Additionally, InsightAppSec has provided a more efficient way to conduct penetration testing, saving both time and money.
Quantitative Benefit
  • Automated security testing process, reducing the need for manual intervention
  • Reduced false positives and missed vulnerabilities in web apps and APIs
  • Fast-tracked fixes with rich reporting and integrations
