Flipkart Case Study

iViZ Penetration Testing Helps Flipkart Stay Secure

Flipkart.com chose iViZ to perform comprehensive security assessments on its web applications, while reaping savings on time and cost.

"iViZ gives zero false positive results which helps in fixing genuine bugs rather than spending time in chasing around non-existing bugs" - Flipkart

Upload: kshitij-trivedi

Post on 02-Jan-2016




iViZ Penetration Testing Helps Flipkart Stay Secure

COMPANY PROFILE

Flipkart, which began in 2007, is now, as per Alexa traffic rankings, among the top 30 Indian web sites and has been credited with being India's largest online bookseller. In 2010 they branched out to selling CDs, DVDs, mobile phones & accessories, cameras, computers, computer accessories and peripherals, pens & office supplies, and other electronic items such as home appliances, kitchen appliances, personal care gadgets, health care products etc. Flipkart has over 2 million registered users and ships more than 30,000 items per day.

The advantages of becoming one of the most popular e-commerce websites, and thus generating more traffic and revenue through transactions, are countered by the disadvantage that Flipkart is now a recognizable target for hackers.

CHALLENGES

Hackers are always on the prowl for vulnerabilities or bugs in applications that can be exploited. Cross-Site Scripting (XSS) attacks, Session Hijacking, Clickjacking, SQL injection, Cross Site Request Forgery (CSRF) etc. are a few of the methods that hackers can use to gain unauthorized access to information or applications. Even a small vulnerability getting overlooked could prove highly expensive for Flipkart; therefore they had to consider the following:

- Flipkart, being a market-leading e-commerce business, relies on its web site to function efficiently and reliably, with the latest look and feel to set it apart from its competitors. In order to keep this web site cutting edge they would need to update its code regularly; hence Flipkart wanted a web application penetration testing solution that would give them the assurance that its applications had no easily exploitable vulnerabilities.

- The testing solution had to be comprehensive and available to be conducted on demand at short notice, as well as offering detailed reports with support from a human being when and if required.

- Flipkart wanted to have its developers and testers concentrate on their core competency, which is to fix code, and outsource the chore of repetitive cycles of testing to a third party with Web Application Security Testing expertise.

- Find a security vendor that could offer an attractively priced Web Application Penetration Testing package that allowed unlimited testing cycles without having to pay for each one.

SOLUTION

Flipkart evaluated Web Application Penetration Testing (WAPT) solutions from various vendors. The breadth of testing coverage and the detailed reports generated by the iViZ penetration testing solution resulted in its choosing iViZ. Below are some more of the reasons why Flipkart chose the iViZ Unlimited WAPT Solution:

- iViZ Techno Solutions Pvt. Ltd came up with an offering that was disruptive to its competitors, as it was able to offer a fixed price for unlimited premium tests.

- Coverage of all 26 WASC classes of vulnerabilities using their patent-pending "Hybrid Solution" from a cloud-based SaaS platform provides an on-demand experience at short notice.

- They have a team of experienced security analysts who can help explain report findings as well as help them with recreating exploits on vulnerabilities detected.

- They were able to provide reports that had the following key features:
  o Guaranteed Zero False Positives, thus allowing the developers to spend time fixing only actual vulnerabilities present in the application.
  o Business Logic Testing by human security analysts, finding issues that cannot be identified by automated scanners.
  o Remediation Recommendations to minimize the risk of attack.
  o Proof of Exploits accompanied by Proof of Concept screenshots of the vulnerabilities to help testers/developers identify and resolve issues.

BENEFITS

An ideal mix of comprehensive testing services, coupled with detailed reports, is helping Flipkart's application developers to ensure that their web application is free of vulnerabilities and bugs.

Cost Benefit
  o As Flipkart's application is in a constant state of flux in trying to stay ahead of its competition, iViZ's Premium package allows them to run unlimited tests on an application as and when needed, at the same price that would be incurred for two rounds of testing by the traditional consultant approach, thus making this an extremely cost-effective solution.

Time Benefit
  o The testing report format allows for prioritization of potential threats that need to be mitigated; this helps Flipkart allocate resources wherever they are needed the most for resolving issues.
  o iViZ's "Zero False Positives" guarantee means Flipkart developers and testers only have to deal with legitimate vulnerabilities as confirmed in the report, thus avoiding any waste of time chasing false positives.
  o The reports contain screenshots of the vulnerabilities that have been found, which helps Flipkart developers to identify and fix loopholes quickly.
  o Since it is an on-demand, cloud-based solution, Flipkart saves on software/hardware Capex and on maintenance / in-house consultant Opex overheads.