Identifying security vulnerabilities without impacting workflow
To offer customers a variety of convenient options for online ticket booking, flight status, and club membership management, EL AL has a portfolio of applications (including web applications, mobile applications, and APIs), developed in-house and by external subcontractors using many different technology stacks.
EL AL classically performed penetration tests on web applications as part of its comprehensive application security programs. However, manual penetration testing was costly and detected vulnerabilities very late in the development life cycle, when
applications were ready to be deployed in production.
EL AL wanted an autonomous in-house application security testing solution that would detect vulnerabilities early in the development process without slowing down the release cycle or imposing additional workloads on the development, QA, or application security team. The solution had to be simple and easy to use for the EL AL teams to perform security testing as part of their application runtime test cycles. EL AL also wanted to partner with a recognized industry leader that could work with them side by side to roll out a low-maintenance application security testing process integrated into the EL AL CI/CD pipelines.