Payválida

Key benefits of Fluid Attacks' Continuous Hacking for Payválida

Payválida works under the DevSecOps methodology and applies changes to its systems every day. This is why the key benefit of using Fluid Attacks’ Continuous Hacking solution for them has been identifying vulnerabilities at the speed of their business with frequent reports showing a low rate of false positives, as well as fast support for their reattack requests and questions. Since using this solution, the company has achieved high remediation rates and fast closure of critical severity vulnerabilities, thus allowing the secure deployment of their application while also going beyond the compliance requirements of the PCI DSS.

Payválida needs to find vulnerabilities at the speed of their business

As a company in the fintech ecosystem, Payválida focuses on securing its payment gateway continually against the risks of fraudulent transactions and denial of service. This means they need to avoid security issues when their application goes into production by remediating vulnerabilities during development. Seeing as they work with a continuous integration/continuous deployment model, they need a solution that helps identify vulnerabilities at that same speed and provides prompt, clear feedback to remediate them in order to effectively secure the company’s application.

Why Fluid Attacks is Payválida's best choice

Payválida had initially contracted a one-time hacking solution to test the security of its system. However, when they began the project to get PCI certified, they discovered that this type of service could not keep pace with their development speed, let alone reflect their cybersecurity stance. They found a comprehensive offer at Fluid Attacks, whose Continuous Hacking solution searches for vulnerabilities continuously during the entire software development lifecycle. This solution surpasses services that use only automated tools for their tests and may present high rates of false positives. It accomplishes this by adding the element of human expertise and knowledge of the techniques used by malicious attackers.

Payválida has been implementing Continuous Hacking for more than three years, during which they have been remediating vulnerabilities before and after deploying their systems to end users. This way, they leverage Fluid Attacks’ solution to live up to the requirements of the DevSecOps methodology.

Payválida has achieved high remediation rates and speed

According to Payválida, Fluid Attacks has played a significant role in their success thanks to its ability to find and report vulnerabilities in a timely manner and provide helpful support. They also recognize a cultural change in their enterprise: During the time they have been using Continuous Hacking, they have improved the teamwork that allows for vulnerabilities to be closed shortly after they are reported. Their security team frequently logs into Fluid Attacks’ platform to track their progress and assign the remediation of newly reported vulnerabilities to their developers.

The platform gives them accurate information quickly, which has represented a significant improvement over their experience with one-time hacking, as they are now making decisions based on their current cybersecurity status and are aware of their risk. Although they need to deploy changes fast, they make sure to invest time in security during development to prevent setbacks later on. Therefore, they focus heavily on working cooperatively to remediate all the vulnerabilities before deployment. Moreover, they are continuously learning from the findings reported by Fluid Attacks so that they can avoid making similar mistakes in the future.

By June 6, 2022, Payválida remediated 96% of their systems’ vulnerabilities with a mean time of seven days to remediate the most severe ones over the preceding three months, thus reducing their systems’ risk exposure by around 80%.