Give your testers a break! Discover how our test automation solution can help your business.

We believe automation should deliver not only better applications, but also be cost-effective and get your new products and features to market quicker. Why not pick our brains about how we do this for our customers?


We Help You Maximise Profits By Shipping Bug-Free & Secure Software

If your goal is to transform digital software delivery from a cost-centre to a profit maximiser, we have the solutions to help you.


  • IT Strategy Consulting

    Get your journey optimised with digital transformation plans, testing strategy development and application architecture reviews.


  • Software Testing

    Proven software testing services & test automation tools to help you ship bug-free apps while slashing your testing time & saving up to 55% in the process.


  • Penetration Testing Services

    Web app & mobile app penetration testing services & vulnerability assessments to help you sell more, protect your business & sleep easier.

Application Delivery Solutions For Digital Programs


  • Today's businesses & consumers interact with your app across multiple devices, so why should your testing be restricted to only a few?

    A robust testing program caters for functional, performance & security testing across all relevant devices. Does your testing program do this?



  • The entire premise of continuous delivery is speed and accuracy in execution. Both of these elements cannot be achieved using traditional testing tools and techniques.

    The Qsome Technology Platform is built to improve quality at speed. The combination of technology and bespoke services allows you to achieve your continuous delivery goals.



  • Today's users take mere seconds to judge an app's user experience. You should give them every reason to rate your app highly.

    Additionally, the speed at which app updates need to be released requires a serious quality program that includes automated testing.



  • Performance optimisation is a dynamic exercise that requires multiple iterations. Its importance is magnified in a digital context where users expect, rather than desire, responsiveness.

    The Qsome Technology Platform allows users to execute load tests using functional test scripts. No extra investment is needed.



  • We have developed proprietary algorithms that enable more relevant test management & enhanced coverage & oversight of the most at-risk processes.

    Our custom-developed dashboard gives your team a concise and updated view of the riskiest processes & the outcome of their recent test results.



  • Making sense of data is one of today's greatest challenges and potentially a very lucrative opportunity.

    Our ability to conduct intensive data-driven testing at speed will help verify that your Hive SQL queries are behaving as intended.






Tell Us How We Can Help You


Global

solutions[at]audacix.com

+61 3 7001 1430

Australia

1300 28 44 92

Waterman Business Centre, Suite 86, Level 2, U/L 40, 1341 Dandenong Road, Chadstone, VIC 3148, Australia

India

+91 9845 00 86 96

201, Green Glen Layout, Bellandur, Bangalore - 560103

United Kingdom

+44 20 3769 2460

Suite 2, Block 2, Portman Mansions, Chiltern Street, London W1U6NR


Latest From The Audacix Blog

Thursday, 26 March 2020



If you are running Oracle ERP applications without any test automation to help your teams, your headaches get bigger with every passing quarter. Oracle releases a few hundred critical patches for its suite of ERP products including JD Edwards, EBS, Siebel and others.

Applying, and even not applying, a patch to your Oracle EBS system has associated costs.

What is the cost of not applying patches to Oracle EBS systems?

Most Oracle EBS patches include bug fixes that have been commonly reported across all of Oracle's EBS customers. On the odd occasion Oracle will release a feature in its patches with which it tries to nudge its customers towards adopting something new that it is trying to roll out.

In this day and age, the most important reason to apply Oracle patches in a timely manner is to close newly discovered and exploitable security vulnerabilities that were shipped with a previous patch or within the core EBS system.

By not applying EBS patches, you are playing chicken with hackers who are eager to exploit your EBS system's security vulnerabilities. Especially when you consider that 64% of IT decision makers have reported that their ERP systems have been breached between 2017 and 2019.

The cost of this is difficult to quantify, because it depends on the size of your organisation and the importance of the records that your EBS system houses. But if your organisation is running Oracle EBS then it's fair to assume that it's at least a mid-sized company and so minimum loss projections of $50,000 per working hour appear to be a fair estimate.

Remember, the above figure isn't just because of downtime due to security breaches. That figure relates to ANY downtime, including those caused by functional bugs that render your EBS system unusable.

So are you prepared to lose $50,000 per hour just because you didn't apply the EBS patches that Oracle released for your system?

Why are Oracle EBS patches not applied immediately by organisations?

The most commonly cited reason for not applying EBS patches comes down to the maintenance cost of ensuring that everything in your EBS system is working as expected after it has been patched. This is a very real concern, especially for EBS systems that have been heavily customised over the years.

If you are not up-to-date with your EBS patch schedule then you might identify with these common reasons for why organisations don't apply their EBS patches in a timely manner.
  • EBS customisations have not followed the Oracle standards and so will need to be modified after a patch is applied.
  • Migrating customisations across environments can be time consuming and error prone, especially if the point above is true.
  • EBS 12.2.x runs on WebLogic and you may not have sufficient WebLogic expertise on your team.
  • Production-outage time associated with an upgrade cannot be mitigated because of a lack of sufficient test and pre-prod environments.

Oracle EBS maintenance costs usually blow out in organisations that have not invested in enough automation. If you read the reasons above and found yourself nodding your head, then the following 3 tricks to minimising the cost of EBS maintenance and patching could revolutionise the standard of functionality and user experience that you provide to your end-users.

Trick 1: Invest in end-to-end Oracle EBS test automation

Most IT decisions are heavily influenced by the price tag. Many organisations that run EBS but don't have test automation for it cite the exorbitant cost of EBS testing tools like OATS and UFT. Those tools are undoubtedly expensive to buy, expensive to run and it is expensive to find the right skills to operate them.

Thankfully, there are a couple of modern automated software testing tools that make test automation for Oracle EBS systems a lot easier and quicker to implement. Most importantly, our Qsome test automation tool even solves the stumbling block of automating tests for Oracle Forms and its various other Java Applet-based features.

The key to selecting the right automated software testing tool for EBS is to ensure that you don't have to host the testing infrastructure. Maintaining the infrastructure for EBS testing tools can often be as expensive over time as buying the testing tool's licenses in the first place.

Trick 2: Select an Oracle EBS test automation tool that can test cross-application workflows

You'll agree that your Oracle EBS system no longer operates in a vacuum - it collects data from and feeds data to other digital applications that are used by your company's customers, employees and vendors. That's why your EBS testing team needs the ability to automate true "end-to-end" tests.

The key to building cross-application automated tests is ensuring that each test model, using multiple scripts where necessary (ideally 1 per user interface), can simulate a real user workflow. Most Oracle EBS testing tools can test a function within EBS. Very few can actually help you comprehensively test a real user journey that traverses EBS and other interfacing digital applications.

The Qsome Oracle EBS test automation tool is one of those few testing tools that provides this functionality "out-of-the-box." The best part is that Qsome is a cloud-based, continuous testing tool that has a specific Computer Vision based framework for EBS testing.

The reason you want to be able to regression test cross-application workflows is simple: when one application in your environment is changed, there is a good chance not only that its own features are broken, but also that its connectivity with other applications is affected.

If your EBS testing tool is only able to test EBS, then you have to bring in another tool that can test interlinked workflows. It should be obvious that this situation adds complexity. Where complexity rises, so do costs. If for no other reason than this, you need a testing tool that allows you to automate testing for all types of applications in your environment.

Trick 3: Incorporate your EBS releases into your DevOps pipeline

The longer you separate your EBS delivery from delivery of your other applications, the more your software testing costs will spiral. Spiralling testing costs are the reason you came here in the first place and are probably also the reason that you are delaying implementing recommended EBS patches. So you are able to get two birds with one stone when you implement this trick.

The best automated software testing tools have the necessary functionality to plug into DevOps pipelines. Automating your EBS deployments will undoubtedly take some work and investment up front, especially if your organisation is starting from scratch. However, if you take this step as an IT decision-maker you will eventually make your IT budget go further and improve functionality and user experience for your end-users.

If you want to see how a purpose-built EBS testing tool could work in your environment and for a free trial, schedule your demo today.

By: Ayush Trivedi

Tuesday, 24 March 2020



Another day, another hack!

Nutribullet, the blender and easy blended smoothie company, was hacked and their ecommerce online shopping store was injected with malicious code not once, not twice, but three times in the last 30 days! The malicious code helped hackers literally swipe away the credit card numbers of Nutribullet customers.

Application security is seldom considered during the ideation phase unless the development team has previously been hacked and survived to tell the tale. But it's also true that it's never too late to secure your ecommerce store.

In fact, smart and fast-growing ecommerce stores who outperform their peers usually share this common trait: they consistently grow sales and build their brand by turning their security standards into a key differentiator and selling point.

E-commerce sales hitting trillions of dollars in 2019 alone makes it a very lucrative market for malicious hacker groups like Magecart whose sole purpose is to steal credit card information.

Why should ecommerce & online shopping stores worry about application security?

Simply put, it helps to avoid massive costs to your business when you do get hacked AND it helps your customers trust you more. We both know what increased customer trust means for our businesses, right?


To put that in perspective, here are some staggering numbers for you from IBM.
  • The average total cost of a data breach is $3.9 million globally & $8.2 million in the United States.
  • Time to identify and contain a breach is 279 days!
  • Cost per lost record is $150.
If hacked, a single data breach event could potentially put your business under and can result in many ghastly outcomes for you:
  • Your business will have a hard time bouncing back up
  • Customers leave because of breach of trust
  • Loss of revenue
  • Brand reputation takes a hit
  • Spending more on AppSec and marketing 
  • PR and legal costs go up
Your probability of being severely disrupted when you're hacked goes down significantly if you follow the following tips. You will be able to conduct many of these activities within your current team. For some you will need an AppSec and penetration testing partner like Audacix.

The primary reason you should consider an external AppSec partner is that your development team needs to focus on your ecommerce product. Your developers will save a lot of time (and therefore save you money) if they're helped with targeted recommendations that help them fix your security vulnerabilities as they are found.

So how can your ecommerce or online shopping store avoid being hacked?

Tip 1: Conduct a thorough cybersecurity risk assessment

Has your business done this in the last 2 years? A cybersecurity risk assessment is a good way to know your current position and where you want to be in terms of security. It's like trying to have a fit body: it's important to measure body stats before starting out and determine what your end goal is.

A cybersecurity risk assessment is about understanding, managing, controlling and mitigating cybersecurity across your organization. It is a crucial part of any organisation's risk management strategy and data protection efforts.

Tip 2: Create a cyber incident response plan & practice it

An idiot with a plan can beat a genius without a plan.
Warren Buffett

Think of your cyber incident response team like a team of firemen. They know how to put out a fire when there is one, and they know how to help you build the safeguards that help you minimise the chances of a fire happening altogether.

What is your plan if you get hit by a virus or malware? What will you do if it's a DDoS attack disrupting your operations by overloading your web server?

You should be armed with the right tools and processes to deal with these scenarios quickly. You should practice it periodically within your organisation like a fire drill to stay updated and not panic when under a cyber attack.

Tip 3: Educate your software team about how and where you're likely to be attacked



Developers build beautiful, fast, functional apps but they're generally not aware about shortcomings of an app from security's point of view. Educating your team of developers to fortify the areas where you're most likely to get attacked is a logical solution.

We offer your developers a training portal as part of all our AppSec and penetration testing subscriptions. This training will help your devs build at least foundational knowledge of how to build secure applications and make them more security-self-sufficient developers in the process.

Tip 4: Lock down your HTTP security headers to make it hard for hackers

The easiest and quickest way to check how many of these seven HTTP headers your web application uses adequately is by using the CyberChief.co HTTP header analysis service. Simply enter your web app’s login page and in less than 2 seconds you will have a complete analysis of the HTTP headers that are already configured properly, and those that need more work.

The best part is that Cyber Chief’s recommendations spell out in detail where your developers can configure these HTTP headers in your application. It will also explain what directives and keywords should be used to maximise the security that each HTTP header can offer.

There are usually zero compelling reasons to pay hundreds or even thousands of dollars for fancy SSL certificates from brand-name SSL certificate vendors. A free SSL certificate from services like LetsEncrypt or Cloudflare will be more than adequate for most cloud applications.

Tip 5: Strengthen your password policy & implement two-factor-authentication (2FA)

Are you using a password named after your favourite quote, philosopher, celebrity or kid's birthdate?
You can check the strength of your password online. These services calculate how long it would take a hacker to crack it.

Remember, DO NOT enter your real password in these services. Also, there are a number of publicly available password lists; if the admin passwords to your ecommerce store are on one of those lists, change them now.

Your business is only as safe as your passwords. You need to implement a robust password policy that requires a combination of numbers, special characters and letters, and passwords that are longer than 8 characters.

2FA gives you a second line of defence in the event that your team and/or customers click phishing emails and are tricked into giving up their login credentials. In short, 2FA makes your business more robust and secure by minimising the extent of a breach when a hacker does get past your defences.

There are 2FA apps like Google Authenticator, which can be installed on your mobile phone. It has a unique code which changes every minute making life difficult for a hacker.

Audacix is also an RSA partner and our AppSec team can recommend the most appropriate 2FA systems depending on whether you want an open-source solution or something that's more enterprise-grade.

Tip 6: Encrypt stored data and data in transit, especially customer data

If you want to protect your digital assets and customers' data, it must be encrypted. This is a non-negotiable for all ecommerce businesses.

Data such as users' login credentials, credit card details and other sensitive information must be encrypted using TLS when in transit, i.e. during the exchange of data between two locations. The drives where you store your data should also be encrypted using strong protocols.

Don't make the same mistake Facebook did: it stored millions of Instagram users' passwords in plain text format. Your development process needs to pick up when something like this happens and alert the right people to fix it.

Tip 7: Conduct thorough grey-box penetration testing

Are you working super hard to grow your ecommerce store every single day? Well so are the hackers trying to break into your online store! Penetration testing means getting into the shoes of malicious hackers and trying to figure out how to bypass all the security defences without alerting anyone.

Conducting grey-box penetration tests provides an outsider perspective on your security and exposes your weaknesses before real hackers do.

An external AppSec partner like Audacix does exactly that plus has an on-demand vulnerability scanner for you and your team with monthly AppSec subscription plans.

Tip 8: Build security into your ecommerce app development cycle


Integrating the best security practices in your app development cycle helps you ensure that your developers are not leaving open big, wide windows for hackers to exploit your vulnerabilities.

Some of our ecommerce AppSec and penetration testing clients have noticed hacking attempts within minutes of pushing new code to production.

No app is perfect, not even relatively simple ecommerce applications built on Magento, Drupal, Joomla or Shopify Plus. So you'll agree that it is common sense and makes utter financial sense to build processes into your development cycle that help to pick up at least the most obvious vulnerabilities.

Mammoth ecommerce stores like Amazon might be able to survive these attacks but can your ecommerce store do the same? If your instant answer is NOT Yes, let's have a quick chat to discuss your needs.
By: Yash Srivastava

Saturday, 21 March 2020



While the world is in panic mode and as we all get used to working from home regularly, it's important to remember that things will get better.

When we're busy helping our teams, our customers, our neighbours, our families, it's easy to lose sight of the fact we also need to position our SaaS businesses to come out of this period stronger and ready to pounce on the opportunities that will present themselves.

Harvard Business Review (HBR) studied business performance after the 2007 recession in the US. They found that only 9% of businesses outperformed their pre-recession financial performance 3 years after the recession ended.

Post-recession winners aren’t the usual suspects. Firms that cut costs faster and deeper than rivals don’t necessarily flourish. They have the lowest probability — 21% — of pulling ahead of the competition when times get better.
Roaring Out Of Recession, Harvard Business Review, 2010
I think you'll agree that the key here is not necessarily to make the right decisions, ostensibly because making the right decisions implies that we know exactly what we are dealing with here and for how long, which we do not. But as Dr Harriet Lerner says, “we should not let fear lead us into isolation or stop us from acting with clarity, compassion and courage. Terrible things happen, but it is still possible to move forward with love and hope.”

So if you are with me so far, you now have two options in front of you:
  1. You can look at those numbers and worry about whether that will happen to you; or
  2. You can galvanise your team and plan for how you're going to be best placed to grab new opportunities in a rebounding market.
If you chose number 2, welcome to the club. This is what we're doing to not only be empathetic and compassionate during this pandemic, but also to position our SaaS business for growth.

1. Washing our hands with soap

You have probably heard this a lot recently, but it is literally a life saver. I realised that most of us have probably never been taught how to wash our hands properly and systematically.

Medical professionals go through many hours of training on this aspect of hygiene alone. So we can all do worse than to learn from them and learn the process they use.

2. Getting exercise into your bodies

Personal trainers aren't an option. Gyms are probably closed or at least not the most desirable places in this climate. So why not try fresh air exercise by walking or running on the road or in a park (as long as social distance is maintained, of course)?

For those of us who need professional help to exercise, there are a number of options that are free for us to try during this pandemic.

Depending on where you live and the public spaces that are available to you, it might be a great time to take advantage of the drop in the number of cars on the road and enjoy the cleaner, fresh air outside.

3. Focus on sleeping better

The current level of media and politician-driven panic is not healthy. As our collective anxiety levels rise, our sleep quality deteriorates. Not only is poor sleep bad for our general health but good sleep has been proven to enhance our memory and cognitive function.

Clearly, we're going to need both if we're going to position our businesses for post-recession growth.

Regular exercise has been proven to improve sleep, but it might also help to encourage your teams to watch a little less of the TV news and turn off the instant Coronavirus alerts that pop up on their phones. Doing this will help to reduce anxiety and hopefully also divert their minds to more productive topics, while benefiting their sleep patterns too.

As an aside, studies show that good sleep also helps our bodies effectively utilise the full benefits of vaccines. This will be important when the vaccine for COVID-19 is finally released. Until then, no harm in practising good sleep, right?

4. Eat healthy and regularly

Just like sportspeople feed off the energy of crowds in the stadiums, us office-going types feed off the energy of our colleagues. This energy is hard to find when we're all working from home.

Because energy can be both positive and negative, it's super important to maximise our intake of the right variety. If we're exercising and sleeping better then that's almost half the battle won.

Adding healthy food at regular intervals every day to this mix is a sureshot recipe for greater work-from-home productivity and better mental health.

In this age of empty supermarkets and panic buying I make it a point to ask my team at every morning huddle about whether they have enough food. Because if a supermarket is empty in their area, it might not be in mine and what better way to help someone than to deliver a care package.

5. Develop a daily virtual huddles schedule that everyone attends

Messenger systems like Slack and MS Teams may have revolutionised the way we communicate with our teams, but they are not enough in such strange and disconcerting times. We all need and cherish a human connection. So if we can't achieve this physically, then we should use the phone or video conferencing substitutes.

I've found that it's good to start these meetings with a general well-being "check-in." Just a couple of sentences or questions can sometimes be enough to get a sense that they're not alone. That we're all in this together.

6. Survey your team to find out how they are really doing

Some of our team members prefer anonymous or written feedback as opposed to that given in a "public" forum like a daily virtual huddle. Such opinions are important in helping us as business leaders reflect on and fine tune our strategies.

Plus, by using a service like that provided by Best Employee Surveys you can use the information gathered to benchmark your team's attitudes and performance throughout this period and beyond. Just think about how valuable this data might be when your SaaS business is growing exponentially after the bounce and your HR team is trying to measure the value of all the team engagement ideas that you implemented during the pandemic.

A simple Google Forms or Typeform survey would also suffice as free alternatives here. The key, however, is to get your questions right - is this worth paying for?

7. Talk to your customers and let them influence your product roadmap

Sounds obvious right, but how often do we actually do it? I, for one, don't do it nearly enough when things are going well.

But if you are a B2B SaaS company, when you're checking in with your customers to make sure they're well, why not use the opportunity to gather some fresh intel about what they actually need?

In fact, McKinsey found that B2B companies who "care about open and honest dialogue with customers and society" are perceived by buyers as having greater brand strength.

Isn't this reason enough to get on the phone?

8. Lock down your application security

There are unfortunate elements among us who will try and exploit any lapse in our concentration when it comes to AppSec. These hackers prey on SaaS companies who put their app security in the "too hard" or "we'll do it later" baskets. Why? Because such companies leave open doors that hackers love waltzing in through.

Already during this pandemic, we've seen increased attack attempts on our clients' environments. Health SaaS companies in particular are under severe strain because of the nature of data they hold.

Here’s a quick list of must-do AppSec tasks that every SaaS team can implement at no extra cost:
  1. Apply all patches and updates to any open source modules or libraries used in your SaaS app.
  2. Check for and close any ports that shouldn’t be open after each release.
  3. Ensure directory permissions are not set to 777 for all folders.
  4. Ensure your app’s HTTP security headers are appropriately configured – your developers can use the free Cyber Chief service to get clear, actionable instructions.
  5. Repeat the above steps for all your environments – dev, test, pre-prod, staging, prod, etc.
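
Items 2 and 3 of the checklist above can be scripted as a post-release check. The Python below is an added example, not code from Audacix or Cyber Chief; the function names, the allow-listed ports, the demo directory tree and the sample `ss -tln` output are all constructed for illustration. The directory check goes slightly beyond mode 777 and flags any world-writable directory that lacks the sticky bit.

```python
import os
import stat
import sys
import tempfile

# Constructed sample of `ss -tln` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128             [::]:6379         [::]:*
"""

# Listeners bound to these addresses are reachable only from the host itself.
LOOPBACK_PREFIXES = ("127.", "[::1]")


def unexpected_listeners(ss_output, allowed_ports):
    """Return sorted (address, port) pairs for sockets that listen on a
    non-loopback address and whose port is not in allowed_ports."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        # rpartition splits on the last colon, so "[::]:6379" parses correctly.
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        if address.startswith(LOOPBACK_PREFIXES):
            continue
        if int(port) not in allowed_ports:
            findings.add((address, int(port)))
    return sorted(findings)


def world_writable_dirs(root):
    """Return sorted (relative path, octal mode) pairs for directories under
    root that any local user can write to. Mode 777 is the case the checklist
    names; directories with the sticky bit set (e.g. 1777) are not reported."""
    findings = []
    for current, _dirs, _files in os.walk(root):
        perms = stat.S_IMODE(os.stat(current).st_mode)
        if perms & stat.S_IWOTH and not perms & stat.S_ISVTX:
            findings.append((os.path.relpath(current, root), format(perms, "o")))
    return sorted(findings)


def build_demo_tree():
    """Create a constructed release tree containing one mode-777 directory."""
    root = tempfile.mkdtemp(prefix="release-audit-")
    for name, mode in (("app", 0o755), ("cache", 0o775), ("uploads", 0o777)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask cannot mask bits
    return root


if __name__ == "__main__":
    # Scan the path given on the command line, or the constructed demo tree.
    root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    for path, mode in world_writable_dirs(root):
        print(f"world-writable directory: {path} (mode {mode})")
    # Ports 22 and 443 are an assumed allow-list for this example.
    for address, port in unexpected_listeners(SAMPLE_SS_OUTPUT, {22, 443}):
        print(f"unexpected listener: {address}:{port}")
```

Run after each release in every environment, a non-empty result from either function is a reason to fail the deployment step until the directory mode or the listening service is corrected.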
If you are interested in a done-for-you AppSec subscription that provides on-demand application security, full penetration testing, all while making your developers more security-self-sufficient, then talk to my team about our web app AppSec plans.

9. Think about where you need to cut costs and also where you need to invest

HBR found that the businesses who prosper after recessions are not the ones that only cut costs or over-invest in growth. It seems a more balanced or "progressive" approach is required. HBR defines a progressive company as one which:
Progressive companies stay closely connected to customer needs—a powerful filter through which to make investment decisions.
Roaring Out Of Recession, Harvard Business Review, 2010
Rather than cutting costs by firing employees, progressive companies find savings through improving efficiencies and productivity. They use these savings to "judiciously increase spending on R&D and marketing, which may produce only modest benefits during the recession, but adds substantially to sales and profits afterward."

In SaaS terms you have to figure out whether everything you're doing right now is going to contribute to your future growth. How can you best position your SaaS company to capitalise on proven purchasing decision making factors like these?

What tools are you giving your sales team to answer your prospects' questions that they may never ask you, but still judge your product based on their perceptions alone? Are you missing really obvious cost sources that are bleeding you money and driving away prospects and existing customers?

10. Concentrate on something other than the Coronavirus

My favourite sports teams have stopped playing. Our favourite out-of-home excursion options might be in lock-down. The only thing the news channels are reporting is COVID-19 doom and economic gloom. In this environment, it's easy to fall into the trap of endlessly thinking and talking about the pandemic.

As a business leader I believe it's my responsibility to give my teams a chance to focus on something else. So how about stopping all Coronavirus talk in meetings after your virtual daily huddle is done? How about sharing upbeat Spotify playlists with your entire team so they can listen to something other than negative media channels throughout their day?

Remember that, maybe for the first time in human history, we are actually all in this together. Connect with me on LinkedIn to let me know how these ideas worked for your team or even if you’ve got some more ideas to expand this list.
By: Ayush Trivedi

Tuesday, 28 January 2020

It’s a combination of habit, hygiene and ultimately, common sense. When you finish eating dinner at home, do you place those plates and cutlery back in the drawer or do you wash them?

To re-frame this for you, your plates are on a regular hygiene schedule where eating from them is the trigger for them to be cleaned.

Let me ask you: what triggers the security hygiene schedule to be undertaken for the SaaS application that your team builds?

Do you have a “dish washing” process to find and eliminate the security vulnerabilities in your SaaS app?

Think about this: if your plates and spoons were to become unusable, they can be easily replaced with a trip to your closest shopping mall. However, if your cloud software is infested with security holes, then you’ll agree that it would take many more $$$’s and even more upheaval for you to contain the damage.

But my SaaS app hasn’t been hacked yet

“Yet” is the critical word here. In fact, statistics from the 2019 Vulnerability Statistics Report show that a vulnerability in web applications is exposed for an average of 69 days before it is discovered.

That means hackers have a 2-month head start on your development team. What they could’ve installed, downloaded, ripped off or stolen from your servers in the last 2 months is mind-boggling:
  • Stolen your entire codebase (ie. your valuable IP)
  • Downloaded your customers’ sensitive data that they entrusted to you
  • Installed crypto mining software maxing out your server resources (have you had to add more capacity recently?)
  • Stolen your customers’ payment details if billing is integrated into your SaaS application
  • Accessed your secret keys and encryption keys to get back into your system at their leisure
You get the picture – the list really is endless.

But the thing is, the stat below is even more alarming. It says that it takes on average a further month for software development teams to fix the security vulnerabilities from the time that they are reported. That means your favourite criminal hacker's head start is now at least 3 months long!

But your SaaS app hasn’t been hacked yet, so you might forgive yourself for thinking...

…my SaaS app won't be hacked, so tell me something that will help me

You can take that risk if you want. After all, we live in a (mostly) free world. But what if I gave you an upside to investing in your application security (AppSec) for your cloud software?

You see, IBM Security did a study of the purchasing habits of enterprise buyers. They found that the most important factor during a purchasing journey was the quality of the software. That is, the software should have no bugs.

The second most important aspect was security. That is, the cloud software should have no security vulnerabilities.

Now, as Tony Robbins reminds us, it’s not knowledge that is powerful, but the targeted application of that knowledge.

So, how can I apply this incredible insight to my benefit?

My company, Audacix, is a SaaS company. Many of the world’s biggest companies use our SaaS test automation software. So, like you, we were also keen to figure out how to exploit this information.

We knew that most of our competitors usually focus on pitching their product’s features and benefits throughout the sales process.

Differentiating our solution based on features and benefits was getting harder. After a while, in buyers’ minds, all the features start melding into one massive blob of sales speak.

To get ahead of the pack, we decided to focus on the data and show our prospects a part of us that our competitors were either trying to hide or neglecting altogether.

So, we turned our app’s security into a differentiator. From the start of a sales process.

Now, what consistently gets us through to the final stages (and beyond) of enterprise sales conversations is a clear understanding of our prospect’s priorities. You see, our SaaS app’s features are meaningless to large enterprises if there is even the slightest chance that your app will leak their sensitive data.

We literally show our prospects the lengths we travel to protect their data and their brand, i.e. we literally show them our “dish washing” schedule and its results.

When you start a sales process based on trust, rather than features and benefits, you’re more likely to actually close the sale.

Don’t get me wrong, we don’t win deals because of our security resilience alone. But because we have hardcopy evidence to back up our security claims, our ability to prove our security resilience builds trust fast. This has huge benefits for the other aspects of our pitch.

Ok, what AppSec work can my team get started on by themselves?

There are definitely things your development team should do before engaging an AppSec company to do an exhaustive web application and API penetration test on your cloud software.

Here’s a quick list of must-do AppSec tasks that will cost you no extra to implement:
  1. Apply all patches and updates to any open source modules or libraries used in your SaaS app.
  2. Check for and close any ports that shouldn’t be open after each release.
  3. Ensure directory permissions are not set to 777 for all folders.
  4. Ensure your app’s HTTP security headers are appropriately configured – your team can use the free Cyber Chief service to get clear, actionable instructions.
  5. Repeat the above steps for all your environments – dev, test, pre-prod, staging, prod, etc.
Once your team have done all the above for a few consecutive releases, then you’ll know that they’re starting to implement the dish washing schedule in your app development process.
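As an added example (not code from Audacix or Cyber Chief), steps 2 to 4 of the list can be scripted so they run after every release in every environment. The header baseline, the function names and the sample inputs are assumptions made for this sketch; the port check reads the output of `ss -ltn` taken on your own server.

```python
import os

# Assumed header baseline; the article does not name specific headers.
REQUIRED_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy",
                    "X-Content-Type-Options", "X-Frame-Options", "Referrer-Policy")
LOOPBACK = ("127.", "[::1]")  # listeners bound here are not reachable remotely

def dirs_with_777(root):
    """Directories at or under root with rwx set for owner, group and other."""
    return sorted(d for d, _subdirs, _files in os.walk(root)
                  if os.lstat(d).st_mode & 0o777 == 0o777)

def missing_headers(response_headers):
    """Header names are case-insensitive, so compare them in lower case."""
    present = {name.lower() for name in response_headers}
    return [h for h in REQUIRED_HEADERS if h.lower() not in present]

def exposed_ports(ss_output, allowed):
    """Ports in `ss -ltn` output that listen beyond loopback and are not allowed."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # column header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not addr.startswith(LOOPBACK) and int(port) not in allowed:
            found.add(int(port))
    return sorted(found)

def release_audit(root, response_headers, ss_output, allowed_ports):
    """One report per environment; empty lists mean the check passed."""
    return {"dirs_777": dirs_with_777(root),
            "missing_headers": missing_headers(response_headers),
            "unexpected_ports": exposed_ports(ss_output, allowed_ports)}

# Constructed sample inputs for one environment (not real server data).
SAMPLE_HEADERS = {"content-security-policy": "default-src 'self'",
                  "X-Content-Type-Options": "nosniff"}
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    [::]:6379          [::]:*
"""

if __name__ == "__main__":
    print(release_audit(".", SAMPLE_HEADERS, SAMPLE_SS, {22, 443}))
```

Failing the release pipeline whenever any of the three lists is non-empty turns the checklist into a trigger rather than a reminder.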

You should accept that doing application security properly is more like scrubbing heavily soiled pots, as opposed to putting your breakfast bowls in the dishwasher – it will take many cleaning iterations.

If a) your team is handling the above steps well and you’re ready to take your AppSec to the next level where it helps your sales process, or b) you want a done-for-you AppSec solution, talk to our team about whether we may be able to help you.
By: Ayush Trivedi