The Gov.il unit is in charge of hosting all the governmental websites in Israel, as well as their security. Needless to say, the security standards that are needed are the highest as government websites deal with the most sensitive user data there is.
Gov.il is on of the “Top 5 most attacked targets” on a daily basis in the world which is why our AppSec standards are the highest possible.
Our AppSec team in Gov.il must perform PT for all the websites before they are launched and on every new released version. This means tests must be performed several times per week based on newly released versions, which is impossible to do manually.
We needed a solution that can cover scanning all our websites, thoroughly, automatically, and without false-positives (which require additional manual validation).
It is important for us that the solution will be easy to use, can both crawl dynamic web-app and scan APIs directly, can integrate to CI/CD proccesses and will be constanly updated to find the latest vulnerabilities.
Bright provided us exactly what we needed, and more. In the test we performed with Bright we found the highest coverage for our applications, both in terms of discovering the application attack surface and findings.
In addition, Bright was very quick in providing support and adapting the product to our particular needs. The simplicity of usage and full automation allowed us to truly start moving our AppSec testing closer to the development as we are implementing the “Shift left” in our AppSec.
The ROI with Bright is very high. With Bright we get a full-featured application security testing fo every new version w release for a fraction of the price that manual PenTests used to cost us.
|Testing variance||Using Legacy Dast||Using Dev-Centric Dast|
|% of orgs knowingly pushing vulnerable apps & APIs to prod||86%||50%|
|Time to remediate >Med vulns in prod||280 days||<150 days|
|% of > Med vulns detected in CI, or earlier||<5%||~55%|
|Dev time spent remediating vulns||-||Up to 60x faster|
|Happiness level of Engineering & AppSec teams||-||Significantly improved|
|Average cost of Data Breach (US)||$7.86M||$7.86M|