Running Monthly Penetration Tests For eSupBase US LLC


• Industry: Ecommerce
• Location: Delaware, US
• Employees: 10-50
• Company website: www.esupbase.com

About the Company

eSupBase is an international brand with warehouses in the USA, UK and Europe, holding a stock of over 1 million premium wholesale products.

eSupBase helps ecommerce businesses stand out through a unique, high-quality range of products that no other online store can offer.

With over 3,000 daily orders, eSupBase manages a complex IT ecosystem to maintain its large inventory and process orders on the same day at each of its warehouses.

The Background

As part of their PCI-DSS and SOC2 Type 2 certifications, eSupBase is required to run monthly penetration tests on the public IT ecosystem available to customers and partners.

These tests not only ensure that certification requirements are being met but also provide peace of mind to partners and customers whose systems interconnect with eSupBase.

The Challenge

Haar needed to run monthly penetration tests with best-in-class tools without creating any disruption or adding extra load to eSupBase's systems.

The penetration tests had to cover the general business security aspects, such as known security vulnerabilities, port scanning, the latest security vulnerabilities and patches, plus a full scan of the new code deployed to production.

Improvements

eSupBase successfully maintained its PCI-DSS certification and, even more impressively, was able to upgrade its SOC2 certification to Type 2.

On top of that, thanks to an extensive report provided by Haar, these certifications are now part of eSupBase's sales pitch. Its partners can now understand how important security is for eSupBase and to what lengths it goes to ensure that interconnecting with its warehouses creates no additional risk to their own infrastructure.

The Solution

Haar's cyber security team built an automated, custom-made penetration test that ran outside business hours, over two weekends, ensuring the least impact on the eSupBase warehouse IT system.

On top of the automated solution, because the Haar team is able to support customers 24/7, the manual penetration tests and assessments are always carried out on two Sundays each month.

All the penetration and vulnerability tests concentrate on the public warehouse API system. In addition, due to unique features, Haar's manual penetration testing also extends to the internal systems, including development and potential security issues in the code.

