The global online travel market continues to grow rapidly, with industry analysts projecting it will reach $1.8 trillion by 2028—up from USD $354.2 billion in 2020. Competition is also on the rise as online platforms and marketplaces proliferate.
A frictionless customer experience is key to success in this increasingly crowded market, but it can’t be at the expense of security. This is exactly the challenge that a leading rail and coach travel platform faces.
The company’s platform enables people to search, book, and manage their journeys from a single location. Users can access the platform via the website or mobile application. The company is committed to creating smooth and compelling customer experiences from log-in through travel completion, so continuous application innovation is key. The group is also focused on boosting application security, especially as it begins to embrace microservices and APIs.
To advance both goals, the company launched an application security (AppSec) team with a twist.
“The group wanted to create an AppSec program that drives secure applications and enables the security team to go from the group that says ‘no’ to a critical business enabler,” said a consulting partner for the company. “To do this, we needed to build a strong AppSec process that integrates into developers’ workflow.”
To realize its goal, the team required a set of powerful, yet easy-to-use application security testing (AST) tools. It chose Checkmarx Static Application Security Testing (SAST) and Checkmarx Software Composition Analysis (SCA) as the foundation for its AppSec program. In addition, the team deployed Checkmarx Flow to automate and integrate application security into existing tools.
The solutions enable the organization to scan uncompiled proprietary and open source code and automate the steps required to scan code and fix vulnerabilities earlier in the software development life cycle (SDLC). After the initial configuration, the solution performs AST scan activity hands-off, with no human intervention required beyond a pull request initiated by a developer. Developers can have their code reviewed for all bugs and can close the full feedback loop with ticketing systems, all while the code is still fresh in their minds.
The solutions also work to remove friction between developers and AppSec teams by integrating into developer workflows and eliminating manual, time-consuming configurations. The end result is faster time to launch and safer, more secure applications.
AST tool performance is key to success, according to the consulting partner. “If the tools are slow and cumbersome, developer productivity suffers. Our Checkmarx engine is running fast and performing well.”
The consultant also offers sage advice for organizations launching and progressing through the AppSec maturity curve:
“It is essential to obtain a solid understanding of the driving force for the AppSec program and what it aims to secure and protect. Once you tailor the security model to your organization’s needs, you can efficiently determine the critical areas. This step is crucial to identifying gaps in compliance, governance, and industry standards to allow you to prioritize the implementation. It also provides a clear view of the current state and enables you to design a roadmap to achieve your target state.
“The sign of a mature organization is that you have the supporting infrastructure and awareness in place to maintain your AppSec program. Following this approach, organizations can pivot from a reactive to a preventive approach. The biggest win here is enabling the business to defend against non-compliance 24/7…without stifling innovation.”