Bidpath Leads by Example and Avoids These 4 Security Pitfalls

Publish Date

Jun 30, 2020


There’s no debate. Application security is a must. However, delivering vulnerability-free software at speed and scale isn’t easy. Just ask Francis Juliano, CTO at Bidpath, one of the world’s leading online auction platforms. Because Bidpath relies on software to run their business, Juliano has faced a number of common application security (AppSec) challenges—just like other industry professionals around the globe.

There are a lot of bumps in the road to better AppSec, which means finding the proper strategies and tools to avoid them is key. These security challenges are not insurmountable, but they do require some thoughtful navigation. For Bidpath, finding an effective path to better security made all the difference.

Here are 4 challenges you will likely encounter on your journey to better application security:

1. Distributed and Diverse Development Teams and Systems

You’ve got programmers, developers, QA professionals and others, all in different locations and time zones, who work on various parts of your software. Aside from scattered teams, you’ve also got development components, such as code libraries and more, all of which need to be scanned.

Corralling all those moving parts is hard enough, let alone ensuring they’re all using consistent, secure coding and management practices. You need to build security and control into the entire process, without adding burdens that slow progress or exhaust resources. And this is precisely what Bidpath did. They built a comprehensive AppSec program that’s integrated across the SDLC, explicitly to scale up security and increase developer productivity.

2. Multiple Scanning Tools and Crippling Number of Alerts

You’ve got a workbench of tools in your AppSec arsenal to ensure scanning coverage across all stages of the SDLC. The problem is, each security scanner executes and generates vulnerability information in its own way.

Each tool operates independently, but addressing the cacophony of outputs from each tool individually is inefficient and creates duplicate work. Moreover, you’ve got to collect all that data manually, then correlate, evaluate and prioritize the results. As we know, this work takes time. A lot of time. To remain competitive, security teams need a streamlined way to quickly and easily find and fix vulnerabilities. Using ZeroNorth, Bidpath was able to easily correlate 10,000 to 20,000 issues into a single page, allowing them to quickly and confidently address all remediation recommendations.

3. Blind Spots

You need oversight to ensure your development practices are, in fact, supporting your security posture. This involves a lot of questions: Is scanning happening consistently and pervasively? Are all systems fully patched and updated? Are you performing vulnerability tests both inside and outside the firewall? How sure are you really that the software you release is secure? Without a real-time, holistic view of your security posture, you’re operating in the dark.

Using ZeroNorth, Bidpath gained the visibility needed to answer these questions, as well as save considerable time and budget.

4. Customer Demands

Customers now demand application security alongside new features and functions. Most RFPs today include security requirements, sometimes with extremely detailed specifications. Prospects have been known to reject a software product based on security criteria alone. But meeting these requirements is much more than an RFP box-checking exercise.

Bidpath wanted to assure its customers that all the software it rolls out will be free from vulnerabilities. It’s part of the trust they build and the support they offer to foster loyalty and grow their business. With ZeroNorth in place, Bidpath can respond more easily to any application security requirements—from governing bodies to prospects to anyone else.

The Journey to Application Security

To learn more about the Bidpath journey and how they built out a more robust application security management program with ZeroNorth, read the case study, or contact us for more information.

