Scroll down for the full case in PDF ⬇️
BaladAPP is the leading app in Brazil for event management.
They give event organizers an easy way to sell tickets and control access while also making it extremely easy for consumers to browse events in their area and buy their tickets. They’ve been growing fast and having the trust of their users was fundamental for this success. Protecting their digital infrastructure became the top priority.
Industry: Entertainment
Headquarters: Goiás, Brazil
Company Size: 51-100 employees
Protected Attack Surface: 50 assets
Mitigated Impactful Risks: 2
BaladAPP first reached out with a big concern: “Are we safe?”
They had never conducted external security tests before, but they knew there were gaps in their defenses. They were skeptical of traditional penetration tests, as they’re usually just a checklist of tests with no real creative input. But a rising number of cyberattacks in Brazil - more than 100 billion cyberattacks per year and with double-digit increases every year - made Wagner, the CTO, concerned.
He began looking for solutions.
They were dealing with sensitive personal data, collecting emails, names, and payment data. And if there was a breach, it would be hard to regain the trust of their customers. Who would insert their credit card data into a recently-hacked website?
Wagner mentions their biggest cybersecurity challenges were the lack of specialized security staff and the quality of solutions in the market - both in terms of the vulnerabilities they find and the reports they produce.
Wagner had no time to waste. Work began immediately by starting with our Artificial Hackers, which identified vulnerabilities across their digital infrastructure. And their developers got to work. Since it produces instructions on how to reproduce the attack, they could patch them quickly. Not only that but having this detailed walkthrough helped them understand how to make future code releases stronger, reducing the overall number of vulnerabilities.
Then Wagner requested on-demand Human Hacking, so we got started with the ethical hacking process. After the Artificial Hackers found the most immediate vulnerabilities, our ethical hackers tested their defenses using more creative methods.
The combination of the two made their app more robust than ever. BaladAPP uses its bank of Ethical Hacking hours to launch multiple pentests per year.
“The proficiency of the hackers assigned to meet our demands is certainly what motivates us most to continue.”
Wagner Caixeta
Chief Technology Officer at BaladAPP
BaladAPP was already leading the market. Now their position is even more solidified. Trust is everything in their business, and now they’re keeping their assets from harm.
Wagner highlights how the 24/7 availability of Machine Ethical Hacking gives him peace. And he knows that when there’s a big release coming, they can use our on-demand human hacking events to ensure protection.
This on-demand approach to Ethical Hacking makes the most sense to him. Employing security staff full-time would be costly - having a flexible system lowers the cost while keeping their assets safe.
Download the full case study here | PDF