Wiredrive.com Uses Checkmarx As Its First Line of Defense

Upload: checkmarx

Post on 14-Jun-2015

Category:

Technology



DESCRIPTION

When a cloud media sharing service needs to secure their most important media assets and stay compliant, who can they turn to? Wiredrive chose Checkmarx, which enabled them to integrate with its Continuous Integration SDLC cycle for ongoing and continuous scanning.

TRANSCRIPT

Page 1: Wiredrive.com Uses Checkmarx As Its First Line of Defense

About the Company

founded in 1999. The Wiredrive team consists of 35 employees and has

and London.

The Requirements

Wiredrive was preparing for SSAE16 compliance and needed a suite of tools to validate secure coding best practices. Wiredrive’s Enterprise clients required recurring penetration tests and static code scans to audit the platform’s security. Wiredrive needed an internal solution that integrates with its Continuous Integration (CI) SDLC process, which uses Atlassian's Bamboo and Git as the source repository. The solution needed to scan a large web application consisting of PHP, JavaScript, and Python. Wiredrive also needed to scan its WordPress plugin and sample code.

The Alternatives

During the evaluation process, Wiredrive reviewed several open source solutions that failed to locate known vulnerabilities. Wiredrive asked their Enterprise customers’ security departments for security audit recommendations.

WIREDRIVE CHECKMARX’S Case Study

Overview

COUNTRY: USA

INDUSTRY: cloud media sharing

PROFILE: Wiredrive is the cloud media sharing service of choice for the world’s largest advertising, entertainment and consumer marketing companies. Production, sales and marketing teams trust Wiredrive to simplify the logistics of creativity and securely manage their most important media assets. Them bring people and media together in a shared space where hard work and great ideas blossom into amazing things. Wiredrive is a fast-growing,

SOLUTION: Projects - Online production, review and approval, and integrated campaign management. Wiredrive Projects consolidates all of your assets into one place that can be accessed anywhere, anytime. Library - Create video reels and multi-media presentations instantly, with a myriad of powerful search tools, meta-tagging abilities, management tools and reporting abilities. Used for promotion and new business presentations.

web site: www.wiredrive.com

After additional research, Wiredrive realized that the recommended security vendors were frequently using Checkmarx. When one of Wiredrive's major customers specifically recommended Checkmarx, they decided to evaluate the product.

The Checkmarx Selection

Wiredrive found Checkmarx's CxCloud solution

unknown vulnerability. The test was easy to perform because CxCloud integrated directly with Github. CxCloud showed the complete

locations in the code.

Wiredrive ran their second test to validate their custom framework, which revealed both known and unknown vulnerabilities. Since Checkmarx met all evaluation requirements, Wiredrive signed up.

The Implementation

directly to CxCloud and ran a full scan. The QA team grouped the results and prioritized remediation. The initial scans found vulnerabilities in the deprecated code, which was quickly addressed.

Wiredrive successfully integrated Bamboo with the Checkmarx CLI interface with help from the Checkmarx support team. This let

vulnerabilities decrease on an ongoing basis.

Now, Wiredrive runs a full scan on every build to make sure that new code adheres to secure coding best practices.

Enterprise customer requirements.

The Bottom Line

The sales cycle and product evaluation were simple and straightforward. The Checkmarx team was prompt and helpful throughout the entire sales and onboarding cycle. Technologically, the product exposed unknown

easy to understand.

Finally, Wiredrive’s Enterprise customers have responded positively by signing up additional departments and referring new customers.

Checkmarx plays a fundamental role in hardening our web application.

of defense.

Daniel Bondurant, CTO Wiredrive.com