Creating Secure Apps for Modern Events

Data Theorem helps Cvent accelerate the vulnerability management process for their clients' global apps.

Cvent
Industry
Event and Hospitality Software
Location
Tyson’s Corner, Virginia

Products Featured

The Company

Cvent is a privately held SaaS company and was founded in 1999. Cvent solutions optimize the entire event management value chain and have enabled clients around the world to manage millions of meetings and events. More recently, they have excelled at helping organizations to host virtual events, scaling and automating the registration and presentation streaming capabilities.

The Challenge

Cvent applications were created with open source tools and the security process was very manual for the teams. Cvent was looking to get a security solution that integrated into their software development lifecycle (SDLC), enabling the development team to accelerate their code development and release cycles while securing each release in pre-production.

Another challenge was being able to conduct 3rd party checks on partners. Compliance checklists and audits only go so far in mitigating risk. They show a partner’s commitment to security, however they only capture that one moment in time. A vendor, contractor or supplier is just one connected device or phishing email away from a security incident. That vulnerability put Cvent and their partners at risk.

Past Alternatives

Before Data Theorem, penetration (pen) testing audits were used and auditors would mimic hackers with dedicated tools and try to expose vulnerabilities. But the high costs and one-a-quarter coverage have limited the scope of this methodology, which is best used as a complimentary security tool. Cvent wanted application security to be a critical part of a daily, even hourly development process, knowing that even the smallest vulnerability can wreak major havoc should they lead to failures or data breaches. To begin their search for the right solution, application security and vulnerability scanning tools abound for every step of the software development life cycle, which means more tools to manage.

The Solution

Data Theorem’s application security gives the ability to automate the testing process on an ongoing basis. It is also integrated into all stages of the development process, so that it can provide findings and feedback on a constant basis. Every change is analyzed automatically and teams are alerted and provided with secure code fixes, if vulnerabilities are found.

Cvent established a set of success factors such as scan accuracy, platform support (IOS, Android), easy integration with the build systems, scanning apps directly from the Appstore, vendor product roadmap and customer focus. Data Theorem met all of our requirements and we now discuss the AppSec findings with our customers in product engagement meetings.

The Results

  1. Cvent now has a Data Theorem-dedicated vulnerability management process.

  2. Data Theorem discovered more issues than the previously-used external pentests.

  3. Data Theorem now identifies any App Store blockers before going into production.

Statistics

PERCENTAGE OF APPS SCANNED INCLUDING PRE-PRODUCTION : 100%

OVERALL CLOSED SECURITY ISSUES : 137

HARMFUL THIRD-PARTY LIBRARIES REMOVED : 20

DELAYS AVOIDED FROM APP/PLAY STORE BLOCKERS : 9

IMPLEMENTED APP PROTECTION FEATURES : 48

At Cvent, we continually deliver innovative products for our customers and we needed a solution that could embed in the mobile SDLC for early identification of security vulnerabilities. Data Theorem ensured to meet our requirements. Implementation was pretty straightforward with no complexity.