Creating Secure Apps for Modern Events
Data Theorem helps Cvent accelerate the vulnerability management process for their clients' global apps.
100%
Percentage of Apps Scanned including Pre-Production
137
Overall Closed Security Issues
20
Harmful Third-party Libraries Removed
9
Delays Avoided from App/Play Store Blockers
48
Implemented App Protection Features
Cvent is a privately held SaaS company and was founded in 1999. Cvent solutions optimize the entire event management value chain and have enabled clients around the world to manage millions of meetings and events. More recently, they have excelled at helping organizations to host virtual events, scaling and automating the registration and presentation streaming capabilities.
The Challenge
Cvent applications were created with open source tools and the security process was very manual for the teams. Cvent was looking to get a security solution that integrated into their software development lifecycle (SDLC), enabling the development team to accelerate their code development and release cycles while securing each release in pre-production.
Another challenge was being able to conduct 3rd party checks on partners. Compliance checklists and audits only go so far in mitigating risk. They show a partner’s commitment to security, however they only capture that one moment in time. A vendor, contractor or supplier is just one connected device or phishing email away from a security incident. That vulnerability put Cvent and their partners at risk.
Past Alternatives
Before Data Theorem, penetration (pen) testing audits were used and auditors would mimic hackers with dedicated tools and try to expose vulnerabilities. But the high costs and one-a-quarter coverage have limited the scope of this methodology, which is best used as a complimentary security tool. Cvent wanted application security to be a critical part of a daily, even hourly development process, knowing that even the smallest vulnerability can wreak major havoc should they lead to failures or data breaches. To begin their search for the right solution, application security and vulnerability scanning tools abound for every step of the software development life cycle, which means more tools to manage.
The Solution
Data Theorem’s application security gives the ability to automate the testing process on an ongoing basis. It is also integrated into all stages of the development process, so that it can provide findings and feedback on a constant basis. Every change is analyzed automatically and teams are alerted and provided with secure code fixes, if vulnerabilities are found.
Cvent established a set of success factors such as scan accuracy, platform support (IOS, Android), easy integration with the build systems, scanning apps directly from the Appstore, vendor product roadmap and customer focus. Data Theorem met all of our requirements and we now discuss the AppSec findings with our customers in product engagement meetings.
The Results
- Cvent now has a Data Theorem-dedicated vulnerability management process.
- Data Theorem discovered more issues than the previously-used external pentests.
- Data Theorem now identifies any App Store blockers before going into production.
“At Cvent, we continually deliver innovative products for our customers and we needed a solution that could embed in the mobile SDLC for early identification of security vulnerabilities. Data Theorem ensured to meet our requirements. Implementation was pretty straightforward with no complexity.”
Vishal Junnarkar
Manager, Application Security
About Cvent
- Industry
- Event and Hospitality Software
- Location
- Tyson’s Corner, Virginia
Cvent is a leading meetings, events, and hospitality management technology provider with more than 4,000 employees, 30,000 customers, and 300,000 users worldwide. The Cvent Event Cloud offers software solutions to event planners and marketers for online event registration, venue selection, event management and marketing, onsite solutions, and attendee engagement. Cvent's suite of products automate and simplify the planning process to maximize the impact of events. The Cvent Hospitality Cloud partners with hotels and venues to help them drive group and corporate travel business.
Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. Data Theorem products help organizations prevent AppSec data breaches. The company has detected more than 5 billion application eavesdropping incidents and currently secures more than 25,000 modern applications for its Enterprise customers around the world. Data Theorem is headquartered in Palo Alto, Calif., with offices in New York and Paris.