Penetration Testing for Filestack
See from the client’s perspective what cooperation with us looks like. From the initial interview about the platforms and expectations, through actual security tests up to retests and remediations consulting.
Penetration Testing for Filestack
Project review:
Please describe your company and your position there.
Filestack and TINT are both on the mission to harness user generated content. Filestack is a set of tools and APIs for developers to help them manage file uploads, transformations and delivery. TINT is a platform for marketers that helps them aggregate, curate and repurpose user generated content across many marketing channels. I’m VP of Engineering at Filestack and TINT responsible for all engineering and security aspects of our operation.
OPPORTUNITY / CHALLENGE
For what projects/services did your company hire SecuRing?
Securing was hired to perform penetration testing for both Filestack and TINT platforms.
SOLUTION
How did you select this vendor and what were the deciding factors?
We have been shopping for penetration testing provider for long time. Securing was the only vendor that wanted to hear our exact needs for penetration testing and was really interested in how our platforms are built so that they can target their testing accordingly. They performed comprehensive threat modeling and adjusted their service to the complexity of both our products.
Describe the project in detail and walk through the stages of the project.
Before we signed contract Securing performed detailed interview about our platforms, needs and expectations. Securing performed detailed threat modeling session with our team followed by over a week-long penetration testing.
We were getting immediate disclosures of vulnerabilities found and detailed report at the end of the testing. After we fixed vulnerabilities, Securing performed re-testing to confirm that they were solved. After the successful closing of the project we received final version of the report and executive summary version.
How many resources from the vendor’s team worked with you, and what were their positions?
For each of our platform we tested there were 2 to 3 security engineers assigned. We always communicated directly with Mateusz -Principal Security Consultant, he was extremely helpfull and responsive. They have no sales people – that was a big win for us.
RESULTS & FEEDBACK
Can you share any outcomes from the project that demonstrate progress or success?
Due to the complexity of our platforms, penetration testing required more effort than standard web application testing. Securing did great job, they found some really complex vulnerabilities that our internal testing could not identify. Each vulnerability was explained in detail with remediation suggestions. In their final report, they also included recommendations to secure our platform further.
How effective was the workflow between your team and theirs?
They were very responsive, professional, and detailed in their communication despite the difference in time zones.
What did you find most impressive or unique about this company?
SecuRing really met our expectations for penetration testing service. They were really interested on how our platforms are built so they can adjust their methodology to our needs. They also provided very detailed report with vulnerabilities found, remediation suggestions and recommendations.
Are there any areas for improvement or something they could have done differently?
No. They were very proffesional during entire project lifecycle.
