Who is Breef?
Breef is a two-sided marketplace that connects brands with marketing agencies. Whether it’s a Fortune 500 company needing emergency campaign support or a solo entrepreneur hiring their first agency, Breef makes it simple. They help brands craft detailed project scopes and match them with 10–15 top-fitting agencies from a global database of over 40,000.
Judson, who recently joined Breef as Lead Engineer, brings a background in highly regulated industries like tax and fintech. Although Breef operates in a less regulated environment, Judson was eager to introduce better security practices, including regular penetration testing, from the outset.
Despite minimal regulatory pressure, Breef recognised that security diligence would benefit their platform’s integrity and provide peace of mind for both clients and agencies. Customer requirements and general security best practices made proactive pentesting a top priority for Judson and his security team.
Connecting reporting, communication and integrations in one cohesive platform
The security requirement
Breef partnered with OnSecurity to conduct a penetration test on their primary web application. This engagement was managed and executed entirely through OnSecurity’s platform, offering real-time visibility, direct tester communication, and integration with Breef’s existing tooling.
The solution
Judson highlighted several standout features that supported their efficient testing experience. Through OnSecurity, the team achieved:
-
Real-time vulnerability reporting enabled Breef to fix its highest-severity vulnerability almost immediately, significantly accelerating remediation and reducing the risk of exposure.
“Typically you wait weeks after the test to get a report. With OnSecurity, we could address critical issues within days in some cases, before the test was even finished.”
-
Jira integration for seamless ticket creation, which removed the manual overhead of transferring findings from a report into their task management system.
“It saved at least half a day of manual work. Maybe more. Waking up to new Jira tickets with all the screenshots and context was huge for our teams.”
-
Collaborative issue tracking via direct comment threads between engineers and testers.
The result
Today, Breef uses the OnSecurity platform to manage its security in one centralised location. Using the platform, they experienced:
- Speed and simplicity: From signing the contract to completing the test, the whole process took around 14 days. The test itself was completed in just 2–3 days.
- Improved team agility: High-priority issues were addressed within days thanks to early visibility.
- Enhanced workflow: Jira tickets were generated automatically, saving up to half a day of manual effort.
- Efficient collaboration: Rather than scheduling calls or navigating delays, testers and engineers could comment directly on findings in-platform, enabling fast clarification and issue resolution.
“Using OnSecurity was definitely one of the easiest and quickest pentest experiences I’ve ever had.”
Breef’s story demonstrated how the OnSecurity platform can provide security teams the visibility, automation and scalability needed to support modern security issues and growing teams. Improve your security and get an instant quote today.
