By Intigriti
August 8, 2023
In the age of digital transformation, cybersecurity has become an essential part of businesses. A rise in cybercrime highlights the vulnerabilities in business-critical applications, emphasizing the need for more robust cybersecurity measures.
Prato made a substantial investment in enhancing their infrastructure and applications’ security. This is where Intigriti’s collaboration with Prato started.
Prato, a market leader in HR automation, has offered innovative HR software solutions and comprehensive payroll and personnel services for over 20 years. Their expertise lies in aiding businesses to manage their HR processes effectively. Since their platform contains personally identifiable information, it is vitally important to keep their platform secure.
Three years ago, Prato partnered with Intigriti. Ronny Martens, an enterprise architect at Prato, describes their experience using the Intigriti platform as a pleasurable one. “We defined the scope of our bug bounty program and created a test environment with the ethical hackers in mind. This test environment is a replica of our production environment using dummy data. This enables ethical hackers from across the globe to engage with this test environment and search for vulnerabilities before we deploy the code to the product.”
Intigriti ensures smooth execution, follow-up, and most importantly, the screening of the ethical hackers working on the platform. If the ethical hacker discovers a vulnerability, it is reported and then validated through the Intigriti platform. Should there prove to be a software error or vulnerability, the ethical hacker is rewarded with a pay-out (known as a bug bounty) set up by Prato and managed by Intigriti’s highly regarded in-house triage team.
Intigriti has scrutinized all of Prato’s software solutions for potential vulnerabilities. In the past, automated test tools were used to identify potential security issues. By adding the dynamic talent of Intigriti’s ethical hacking community, the level of testing quality has improved dramatically, and issues have been found before the product is deployed.
“Our initial collaboration with Intigriti involved security researchers focusing on our HiAnt and CheQpoint instances, looking for potential bugs and security leaks via a hybrid pentest,” Ronny shared. This collaboration led to the discovery and subsequent rectification of several minor issues, and to the patching of the security issues found.
Six months after the hybrid pentest, Prato launched their bug bounty program for their latest software solutions, applying the security learnings Prato had from HiAnt and CheQpoint. Prato’s newest solutions, Earnie and PratoFlex, have been rigorously tested by security researchers on the Intigriti platform, and only a limited number of issues have been found so far. Prato plans to increase the bounty reward to motivate researchers to continue the search for potential vulnerabilities.
Programs like the one Intigriti shaped with Prato focus on proactive prevention, negating the need for reactive cures. Prato has improved its software by maintaining a consistent focus on security, and the collaboration has made a positive impact.
At Intigriti, we believe the best way forward is to ensure comprehensive security by teaming with security researchers, and Prato shares this vision. While the idea of inviting ethical hackers to test your systems might sound unconventional, it is the best way to ensure proactive safeguarding. By adopting this approach, Intigriti equips businesses with the confidence and robust defense mechanisms they need to thrive in today’s ever-changing digital landscape.