Immunity Systems

Please describe your company and your position there.

Dogmat Systemy Services Sp. z o.o. is one of the first companies in Poland to deal with debt management. For almost 20 years, we have developed effective procedures, an original program, and a methodology that works well.

For what projects/services did your company hire Immunity Systems?

We hired Immunity Systems Sp. z o.o. to verify the security of our web platform. We had to quickly verify and improve the security of our web platform before the next important release.

How did you select this vendor and what were the deciding factors?

We received references from our partner and sent an inquiry to Immunity Systems. After receiving the offer from the company, the Management Board initially accepted it. After internal consultation with our partner, we decided that the audit would be performed by this company.

Describe the project in detail and walk through the stages of the project.

Our newly implemented system had to be verified in terms of security. First, there were several meetings where we presented the specification of our company, showed the operation of our system and set the goals that we want to achieve during the project. Immunity Systems reliably checked the security of our application in the allotted time, and then repeatedly performed a thorough retest.

How many resources from the vendor's team worked with you, and what were their positions?

The team consisted of several Engineers with many years of experience. Additionally, the contact with us was supervised by the Project Manager.

Can you share any outcomes from the project that demonstrate progress or success?

Thanks to the cooperation with Immunity Systems, we received the client's permission to implement our system. After the tests were completed, we received a comprehensive report that includes a description of the work carried out (scope and methodology of work). There is a management executive at the beginning of the document, where we can find the most important information from the document, described clearly and simply that can be understood by non-technical people. Each identified vulnerability is described in great detail later in the document. The contractor describes the potential effects of exploiting the vulnerability and the method of repair.

How effective was the workflow between your team and theirs?

The workflow between the Immunity Systems and our team was very effective. Thanks to quick communication, the project ran smoothly. We contacted through online meetings, by e-mail and by phone.

What did you find most impressive or unique about this company?

Immunity Systems demonstrated high substantive knowledge and commitment to the work performed.

Are there any areas for improvement or something they could have done differently?

In our opinion, the project was very successful. No areas for improvement.

Please describe your company and your position there.

We are a global product company. Our SaaS allows thousands of our clients around the globe to manage their businesses, and to connect them with millions of their clients via our Marketplace.

Currently, we have more than 200 direct employees around the globe. I’m one of Engineering Managers working closely with a part of our product&engineering structures, as we’re constantly developing our product.

For what projects/services did your company hire Immunity Systems?

We were looking for an external security audit of our platform.

What were your goals for this project?

The goal was to prepare a security assessment of our platform, including a map of risks and a backlog of potential vulnerabilities to improve. We wanted the contractor to be as independent as possible, to limit our direct involvement in the project.

How did you select Immunity Systems?

We’ve searched online for similar companies. Based on the references and opinions we’ve contacted with 5 of them. The final decision was made based on the independence of the self-assessment of the scope, agility and speed of communication, and availability for the project.

Describe the project in detail.

Firstly we’ve shortly prepared the sandbox environment, and then the assessment has started, using manual and automated work. The critical findings we were receiving on the fly, and that allowed us to work on fixes as soon as possible.

Later we received the final and the full report. Last but not least - the vulnerabilities were retested after we were able to mitigate them.

What was the team composition?

Two very experienced security engineers were involved on the first line, some additional help was available in the background.

Can you share any outcomes from the project that demonstrate progress or success?

A very mature approach to the security in general. We’ve received very detailed descriptions of the findings, including a lot of screenshots, step-by-step descriptions of how to reproduce the attacks, the importance and the risk details, and arguments against the proposed vulnerability level. Also, a lot of additional comments were provided bidirectional, wherever we had to share a broader context.

How effective was the workflow between your team and theirs?

The ongoing communication was very fast and fluent - that sped up the whole project and minimized the amount of our involvement. We were using mostly our everyday tools of (remote) communication with the contractor, who quickly adapted to them.

This helped us reduce the amount of context switches, and allowed us to talk directly with the most suitable people from our teams. In some cases, we additionally used phone calls, video calls and emails.

What did you find most impressive about this company?

The speed of work, the agility of decisions depending on constantly changing context, inquisitiveness in looking for unusual flows. Also thinking of a broader than a purely technical perspective, including the risks of business flows.

Are there any areas for improvement?

In some parts of the draft of the final report, the English language used was not grammatically perfect. Nonetheless, it did not interfere with the understanding of the matter and the merits.

Please describe your company and your position there.

Epaka.pl is a platform that allows one to easy compare and order courier services. One can place its order via our website, or by visiting one of our near 300 points effortlessly. 

For what projects/services did your company hire Immunity Systems?

Immunity Systems was hired for complexive investigation targeted for potential IT security issues, exploit them and test our emergency protocols and procedures. Main goal was to reveal cybersecurity weakest points in organization and to develop list of recommendations, the inclusion of which will eliminate these weaknesses.

How did you select Immunity Systems?

Vendor was selected by us according to great reviews which was given to us by their past clients. Great price-to-value ratio offerred by Immunity Systems was also deciding factor.

Describe the project in detail.

Project was divided into several parts which included: heuristic research of security systems architecture and detection of its vulnerabilities followed by system penetraion tests and developing list of recomendations for security level upgarde.

How effective was the workflow between your team and theirs?

We were astonished by the professionalism and smooth communication with the Immunity Systems team. From first to last minute of the project they've been giving us their valuable insights and ideas to maximize efectiveness of our actions.

What did you find most impressive about this company?

Immunity Systems team extraordinary knowledge about cyber-security topics was one thing which gave us great impression.

Please describe your company and your position there.

We are Financial Services company that brings fast, online services for our clients.

For what projects/services did your company hire Immunity Systems?

We had to verify security of our web platform.

What were your goals for this project?

We had to quickly verify and improve security of our web platform before nest important release.

How did you select Immunity Systems?

We received references from our group partner as one of top partners in cyber security and penetration tests.

Describe the project in detail.

After next big release of our core system, we had to verify security of our web platform. After few meetings describing our project, architecture and goals Immunity Systems "attacked" our test environment. As a result, we could spot some shortcomings, and correct them.

What was the team composition?

We dedicated two admins, two developers, business process owner from client side. Immunity Systems provided three specialists to learn about our processes and test the security of the system.

Can you share any outcomes from the project that demonstrate progress or success?

As a result of a cooperation with Immunity Systems, we got an acceptance from a big partner, that allowed us to begin new, important integration.

How effective was the workflow between your team and theirs?

We managed to achieve quick win, meet short deadlines and fix issues. The communication and understanding was on a very good level without unnecessary blockers and formalities.

What did you find most impressive about this company?

The team's good adjustment to the client zie, style of work, and needs really impressed us.

Are there any areas for improvement?

I see no areas of improvement based on such short successful project.