Morneau Shepell, an international pension administration and benefits company, uses Netsparker to automatically scan over 600 websites a month.
Founded in the eighties as SOBECO, the company merged with Morneau in 1995 to become Morneau Sobeco. Later, in 2006, Morneau Sobeco acquired Shepell FGI to become Morneau Shepell. Today Morneau Shepell serves more than 8,000 clients, ranging from small businesses to some of the largest corporations and associations in North America.
The Web Applications
Their websites and web applications are built with the .NET Framework and run on Microsoft IIS servers. Employees and business partners use the web applications to access the personal accounts and information of their clients’ employees in order to make pension investments and payments.
Why Use Netsparker Web Application Security Scanner?
Prior to using Netsparker, the company had used Nessus as their primary web application security scanner. However, as Security Analyst Mihai Petre highlights, “existing tools used for testing published websites and web applications such as Nessus are not reliable. With the ever-growing number of published websites, sorting through the scan results and verifying the findings was both a frustrating and a time-consuming process.”
“We started looking for a more efficient solution that could help us automate most of the tasks, and Netsparker was the obvious choice because it automatically verifies identified vulnerabilities. Therefore our team didn’t need to allocate time in verifying the scanner’s findings,” continued Mihai Petre.
Netsparker is now used to carry out scheduled monthly web application security scans using credentials, and also daily scans when the need arises. “We have been using Netsparker for over three years at Morneau Shepell, since version 2 was released. We are very happy with Netsparker and as long as they keep on frequently updating it, we will stick to it,” said Mihai Petre.
Damage Limitation
Should a web application be hacked and sensitive data leaked or stolen, the company could suffer severe financial and regulatory compliance problems. When Morneau Shepell started using Netsparker 3 years ago, many websites needed improvements in mitigating SQL injection and cross-site scripting (XSS) vulnerabilities.
Using Netsparker, they identified and confirmed particular cases where sites were vulnerable and quickly deployed fixes. Now the security team is confident that their web applications are secure. “Now the scanning reports only include IIS configuration problems, detected as low alerts. Thanks to Netsparker we identified and closed all critical security vulnerabilities,” Mihai Petre affirmed.
Netsparker Endorsement
“When you have to scan hundreds of web applications and identify exploitable vulnerabilities on all of them, Netsparker is THE essential easy-to-use tool that provides professional reports with clear explanation and steps to remedy them,” attested Mihai Petre, Security Analyst.
About Morneau Shepell
Established in 1966, Morneau Shepell serves more than 8,000 clients, ranging from small businesses to some of the largest corporations and associations in North America. With approximately 3,000 employees in offices across North America, Morneau Shepell provides services to organizations across Canada, in the United States and around the globe. Morneau Shepell is a publicly traded company on the Toronto Stock Exchange (TSX: MSI).
About Netsparker
Netsparker is an industry-leading automated web application security scanner developed by Mavituna Security. Mavituna Security's management and engineers have more than a decade of experience in the web application security industry, which is reflected in their product, Netsparker. Netsparker is a very easy-to-use web application security scanner that automates most of the web application security scanning process. Since an out-of-the-box installation of Netsparker is able to scan a wide variety of web applications, web security experts, penetration testers and QA engineers do not need to spend countless hours tweaking and configuring the security scanner. Netsparker is revolutionising web application security by being the only scanner to automatically verify detected web vulnerabilities, thus reporting no false positives.