Customer Company Size
Large Corporate
Region
- America
Country
- United States
Product
- AppSpider
Tech Stack
- RESTful APIs
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Customer Satisfaction
- Digital Expertise
Technology Category
- Cybersecurity & Privacy - Application Security
- Application Infrastructure & Middleware - API Integration & Management
Applicable Industries
- Software
- Professional Service
Applicable Functions
- Business Operation
Use Cases
- Cybersecurity
Services
- System Integration
- Software Design & Engineering Services
About The Customer
Microsoft is a global technology company headquartered in Redmond, Washington, known for its software products, including the Windows operating system, the Microsoft Office suite, and the Internet Explorer and Edge web browsers. The company also produces a wide range of other consumer and enterprise software for desktops, laptops, tablets, and servers, including Internet search (with Bing), the digital services market (through MSN), mixed reality (HoloLens), cloud computing (Azure), and software development (Visual Studio). Microsoft is one of the largest companies in the world by market capitalization and has a significant influence on the technology landscape. The company has a strong focus on innovation and security, constantly evolving its products and services to meet the needs of its diverse customer base.
The Challenge
When Microsoft undertook an extensive evaluation of Web Application Vulnerability scanning solutions on the market, the company’s Cloud and Enterprise Security Services team knew it would be no small task. Microsoft wanted to build a world-class, scalable Web App Vulnerability scanning service that would serve all of their different service teams in building secure applications. With the technology landscape rapidly evolving, Microsoft foresaw that the homegrown solution it had previously relied upon for application security would soon struggle to keep pace with modern applications with rich, dynamic clients and numerous APIs on the back-end. So the team undertook an extensive, thorough evaluation that spanned several months and settled on AppSpider as one of its Web App Vulnerability Scanners, based in large part on the product’s roadmap towards being able to handle complex application ecosystems that have rich clients and RESTful APIs.
The Solution
Embarking on the proof of concept, the team knew they’d be looking at a range of products that all had the same basic functionality – in other words, their decision would ultimately boil down to a few key differentiators. The question was, which one would stand out from the rest as the best fit for their environment? A slew of in-depth questions would go into making the decision, such as:
- Given a baseline model, how effective is the scanner in discovering vulnerabilities?
- Are scan results available in a centralized data store that can be easily queried for later analysis and reporting?
- Can built-in reports be easily modified?
- How easily can new vulnerability tests be created and added?
- Can new authentication models be added to the scanner?
- Does the product meet regulatory compliance requirements, such as FedRAMP?
- How easily can built-in documentation be modified?
- Can custom checks specific to Microsoft be supported?
Another important element was having the ability to develop custom attacks on their own, via API. “We wanted to develop an API with a common interface, with an engine in the background doing the legwork,” the PM manager added. “AppSpider had a good mix of what we needed, and the team particularly liked that the solution had extensibility and a strong API. That tipped the scale in their favor.”
Another key consideration involved the fact that AppSpider would be focused on scanning Microsoft applications, so much was at stake: “We use AppSpider but it’s our API that we put in front of customers; our reputation is on the line. The fact that AppSpider has a rich API makes our lives a heck of a lot easier.”