An EASM blog from Detectify

Joachim Hedenius, KRY: “Once you get started, you’ll want to use Detectify as much as possible!”

September 7, 2016

KRY is undoubtedly one of Sweden’s most successful and talked-about startups. The company offers video consultations with licensed doctors through their app and is revolutionizing the healthcare sector by making quality healthcare safe and easy to access. KRY use Detectify to continuously monitor their web applications and find potential vulnerabilities – something they believe is essential due to the strict security requirements they need to comply with. Joachim Hedenius, KRY’s co-founder and CTO, talked to us about the advantages of using Detectify.

Was security high on your agenda from the start?
It took us a year of development before we launched KRY because we wanted to make sure it would be a great product. We didn’t want to release a service that would be dismissed straightaway or get bad publicity. Instead, our goal was to make KRY something people would want to support and security has always been an important part of this.

We have spent whole days discussing security with the county councils to ensure we fulfill even the toughest requirements. I think our field, alongside banking and finance, needs to satisfy the strictest security measures, and that’s definitely a good thing. Ultimately, we are talking about the security of our patients and sensitive data that could be leaked.

How did you get started with Detectify?
Both Johannes, also a KRY co-founder, and I heard about you a long time ago. We were already working a lot with security, but we wanted to complement that with automated security testing, so we turned to you. At first, we were a little reluctant – after all, using Detectify meant giving you permission to hack us and we wondered how that would work out, whether the testing would generate lots of traffic and so on. But once we got started, it felt great! After the first scan, we just wanted to use the tool as much as possible.

How do you use Detectify today?
Internally, we use Slack quite a lot, which is why we use your Slack integration to get all the information pushed to our channel. It notifies us when a test begins, when vulnerabilities are discovered, and when a test is completed.

We use Detectify to test the security of our whole environment, including production – you help us find vulnerabilities. Because Detectify pushes security information to our Slack channel, it also helps create security awareness in our organisation. I think Detectify integrates seamlessly with the entire development chain.

What is your favourite Detectify function?
The Slack integration, of course! At KRY, everything happens on Slack, so a quick and easy way to integrate security into our workflow is a real dealbreaker for us. It is important to set high goals for your security status and acquire the necessary tools to support the work in an efficient way. Detectify allows us to do just that. It’s great to be able to do continuous security testing.

What is it like to work with Detectify as a company?
The way you communicate with your customers is really admirable and we think it’s great fun to have meetings with you. Because we have to work hard to keep our web applications safe, it’s fantastic to talk to people who are so passionate about security. You take care of all your existing clients and still manage to get out and about and invite people to seminars, for example.

Apart from using Detectify, how do you work with security?
KRY is built on trust that needs to be nurtured, so security is very important to us and permeates everything we do. We work a lot with risk analyses, which has fostered a security-oriented way of thinking in the organisation. We do continuous risk assessments of the entire IT security system as well as every time a new feature is released.

Security knowledge is becoming increasingly important in the recruitment process and being able to show an interest in security is going to become a huge advantage. We are very upfront about our expectations when we recruit and let developers know that the product we are building needs to be secure. If security requirements make you feel nervous, KRY is not the right place for you.

Would you like to use Detectify to improve your web security like KRY? Register for a free trial to evaluate our tool!