
Zoopla's Application Security Enhancement with Rapid7 InsightAppSec

Rapid7
Application Infrastructure & Middleware - Event-Driven Application
Cybersecurity & Privacy - Application Security
Buildings
National Security & Defense
Product Research & Development
Quality Assurance
Experimentation Automation
Tamper Detection
Testing & Certification
Training
Zoopla, a London-based real estate portal, faced a significant challenge in maintaining the security of its applications. With over 60 million visits a month to its flagship property website and application, the company had to ensure the utmost security for its users. The company's security team, led by Application Security Engineer Alikhan Uzakov, was responsible for guiding hundreds of Zoopla developers through the application security testing process. This included conducting training and helping developers embed security tooling into their processes to ensure the security testing of new features and products before their release. However, with only three staff members, the security team found it challenging to support the vast number of developers.
Zoopla is a leading real estate portal based in London, England. The company serves property buyers, sellers, and renters, offering property research and sales and rental listings to help its users make informed decisions. Zoopla lists over a million properties in the United Kingdom and the Netherlands and registers more than 60 million visits a month to its flagship property website and application. The company works with several hundred application developers, helping real estate agents kick-start their businesses by creating their own websites and offering them training. Zoopla is more than just a website; it is a comprehensive business that supports a wide range of real estate professionals.
To address this challenge, Zoopla turned to Rapid7 InsightAppSec, a tool that provides Dynamic Application Security Testing (DAST). Uzakov had previous experience with this tool, but he put it through a trial to ensure it met Zoopla’s specific requirements. After testing, evaluating, and comparing several appsec tools based on price, functionality, and the level of support vendors provided, they chose InsightAppSec. The tool allowed Zoopla to automate security testing as part of the development process, assess modern web apps and APIs with fewer false positives and missed vulnerabilities, fast-track fixes with rich reporting and integrations, and scale easily by assessing the security of an application portfolio, regardless of its size. InsightAppSec also enabled them to scan web applications to identify vulnerabilities like SQL Injection, XSS, and CSRF.
The implementation of Rapid7 InsightAppSec has had a significant impact on Zoopla's operations. The tool's intuitive interface has empowered developers to conduct security testing themselves, reducing the burden on the security team. This has also enhanced coordination with all stakeholders, including Legal and IT departments, as well as external customers. The security team has been able to demonstrate InsightAppSec to developers in engineering meetups, raising general awareness about the tool and its capabilities. The response from developers has been overwhelmingly positive, with several teams requesting to embed InsightAppSec in their projects. Additionally, InsightAppSec has provided a more efficient way to conduct penetration testing, saving both time and money.
Automated security testing process, reducing the need for manual intervention
Reduced false positives and missed vulnerabilities in web apps and APIs
Fast-tracked fixes with rich reporting and integrations