Rapid7 Case Studies Zoopla's Application Security Enhancement with Rapid7 InsightAppSec

Edit This Case Study Record

	Zoopla's Application Security Enhancement with Rapid7 InsightAppSec Rapid7

Zoopla's Application Security Enhancement with Rapid7 InsightAppSec

Rapid7

Technology Category	Application Infrastructure & Middleware - Event-Driven Application Cybersecurity & Privacy - Application Security
Applicable Industries	Buildings National Security & Defense
Applicable Functions	Product Research & Development Quality Assurance
Use Cases	Experimentation Automation Tamper Detection
Services	Testing & Certification Training
Challenge	Zoopla, a London-based real estate portal, faced a significant challenge in maintaining the security of its applications. With over 60 million visits a month to its flagship property website and application, the company had to ensure the utmost security for its users. The company's security team, led by Application Security Engineer Alikhan Uzakov, was responsible for guiding hundreds of Zoopla developers through the application security testing process. This included conducting training and helping developers embed security tooling into their processes to ensure the security testing of new features and products before their release. However, with only three staff members, the security team found it challenging to support the vast number of developers. Read More
About Customer	Zoopla is a leading real estate portal based in London, England. The company serves property buyers, sellers, and renters, offering property research and sales and rental listings to help its users make informed decisions. Zoopla lists over a million properties in the United Kingdom and the Netherlands and registers more than 60 million visits a month to its flagship property website and application. The company works with several hundred application developers, helping real estate agents kick start their businesses by creating their own websites and offering them training. Zoopla is more than just a website; it is a comprehensive business that supports a wide range of real estate professionals. Read More
Solution	To address this challenge, Zoopla turned to Rapid7 InsightAppSec, a tool that provides Dynamic Application Security Testing (DAST). Uzakov had previous experience with this tool, but he put it through a trial to ensure it met Zoopla’s specific requirements. After testing, evaluating, and comparing several appsec tools based on price, functionality, and the level of support vendors provided, they chose InsightAppSec. The tool allowed Zoopla to automate security testing as part of the development process, assess modern web apps and APIs with fewer false positives and missed vulnerabilities, fast-track fixes with rich reporting and integrations, and scale easily by assessing the security of an application portfolio, regardless of its size. InsightAppSec also enabled them to scan web applications to identify vulnerabilities like SQL Injection, XSS, and CSRF. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - Event-Driven Application

Cybersecurity & Privacy - Application Security

Applicable Industries

Buildings

National Security & Defense

Applicable Functions

Product Research & Development

Quality Assurance

Use Cases

Experimentation Automation

Tamper Detection

Services

Testing & Certification

Training

Challenge

Zoopla, a London-based real estate portal, faced a significant challenge in maintaining the security of its applications. With over 60 million visits a month to its flagship property website and application, the company had to ensure the utmost security for its users. The company's security team, led by Application Security Engineer Alikhan Uzakov, was responsible for guiding hundreds of Zoopla developers through the application security testing process. This included conducting training and helping developers embed security tooling into their processes to ensure the security testing of new features and products before their release. However, with only three staff members, the security team found it challenging to support the vast number of developers.

About Customer

Zoopla is a leading real estate portal based in London, England. The company serves property buyers, sellers, and renters, offering property research and sales and rental listings to help its users make informed decisions. Zoopla lists over a million properties in the United Kingdom and the Netherlands and registers more than 60 million visits a month to its flagship property website and application. The company works with several hundred application developers, helping real estate agents kick start their businesses by creating their own websites and offering them training. Zoopla is more than just a website; it is a comprehensive business that supports a wide range of real estate professionals.

Solution

To address this challenge, Zoopla turned to Rapid7 InsightAppSec, a tool that provides Dynamic Application Security Testing (DAST). Uzakov had previous experience with this tool, but he put it through a trial to ensure it met Zoopla’s specific requirements. After testing, evaluating, and comparing several appsec tools based on price, functionality, and the level of support vendors provided, they chose InsightAppSec. The tool allowed Zoopla to automate security testing as part of the development process, assess modern web apps and APIs with fewer false positives and missed vulnerabilities, fast-track fixes with rich reporting and integrations, and scale easily by assessing the security of an application portfolio, regardless of its size. InsightAppSec also enabled them to scan web applications to identify vulnerabilities like SQL Injection, XSS, and CSRF.

Impact #1	The implementation of Rapid7 InsightAppSec has had a significant impact on Zoopla's operations. The tool's intuitive interface has empowered developers to conduct security testing themselves, reducing the burden on the security team. This has also enhanced coordination with all stakeholders, including Legal and IT departments, as well as external customers. The security team has been able to demonstrate InsightAppSec to developers in engineering meetups, raising general awareness about the tool and its capabilities. The response from developers has been overwhelmingly positive, with several teams requesting to embed InsightAppSec in their projects. Additionally, InsightAppSec has provided a more efficient way to conduct penetration testing, saving both time and money.

Impact #1

The implementation of Rapid7 InsightAppSec has had a significant impact on Zoopla's operations. The tool's intuitive interface has empowered developers to conduct security testing themselves, reducing the burden on the security team. This has also enhanced coordination with all stakeholders, including Legal and IT departments, as well as external customers. The security team has been able to demonstrate InsightAppSec to developers in engineering meetups, raising general awareness about the tool and its capabilities. The response from developers has been overwhelmingly positive, with several teams requesting to embed InsightAppSec in their projects. Additionally, InsightAppSec has provided a more efficient way to conduct penetration testing, saving both time and money.

Benefit #1	Automated security testing process, reducing the need for manual intervention
Benefit #2	Reduced false positives and missed vulnerabilities in web apps and APIs
Benefit #3	Fast-tracked fixes with rich reporting and integrations

Benefit #1

Automated security testing process, reducing the need for manual intervention

Benefit #2

Reduced false positives and missed vulnerabilities in web apps and APIs

Benefit #3

Fast-tracked fixes with rich reporting and integrations

Download PDF Version

Overview

Zoopla's Application Security Enhancement with Rapid7 InsightAppSec

Operational Impact

Quantitative Benefit