Who is DotSys?
DotSys has been operating for over 20 years, developing applications for insurance companies. Their offerings include web-based solutions that allow insurers to sell policies directly to the public, alongside a back-office system for customer policy management, claims processing, financial tracking, and marketing. As a company with a solid reputation in the insurance technology space, DotSys has consistently prioritised customer satisfaction and compliance with regulatory standards.
When it came to penetration testing and ensuring the security of their applications and infrastructure, DotSys had previously worked with another vendor. However, a recommendation from a trusted partner prompted them to onboard with OnSecurity earlier this year.
In this case study, we sit down with James Steele, IT Director, to hear their experience so far.
The Security Challenge
With a well-established presence in the insurance industry, DotSys has always prioritised rigorous security to meet the needs of customers and compliance regulations to ensure its systems are secure.
Their previous pentesting vendor delivered extensive, cumbersome HTML reports, which made it difficult for DotSys to analyse, remediate, or delegate issues efficiently.
DotSys was looking for a partner who could bring clarity and simplicity to the penetration testing process.
The Solution: OnSecurity’s Platform-Based Approach
DotSys engaged OnSecurity for penetration testing, including web application tests, internal cloud testing, and infrastructure testing, as part of their annual testing portfolio.
While talking with James and understanding his experience so far, two key differentiators stood out during their engagement:
1. The OnSecurity Platform
The interactive platform transformed the way DotSys managed and monitored penetration testing. Unlike their previous vendor’s lengthy reports, the dashboard presented the results in a clear, streamlined, and actionable format, allowing their team to focus only on relevant vulnerabilities.
Using the Access Groups feature, James was able to delegate tasks to the appropriate team members efficiently: “It was handy because I could let the Head of Software Development and Head of Infrastructure access reports and communicate directly with testers, which ultimately saved me time and removed me as the middleman.”
2. Human Intelligence Beyond Automation
OnSecurity’s approach wasn’t just about automated scans. Their team provided a detailed analysis and context for vulnerabilities beyond a static report.
Why is this valuable to the client?
Dotsy’s previous vendor flagged the use of an outdated jQuery library as vulnerable; however, with a sprinkle of human logic, OnSecurity’s testers confirmed that the specific vulnerability did not apply to Dotsy’s implementation. This logic insight saved DotSys significant time and effort, as they didn’t have to update the false positive.
The Results?
DotSys highlighted several benefits of working with OnSecurity. In particular, the real-time updates enabled the team to streamline their remediation efforts. The integrative platform is accessible for all teams, meaning: “I can just let the team get on with it. They’re the experts, and they can respond directly to the OnSecurity testers within the platform. It saved me a lot of time.”
The Verdict
DotSys is highly satisfied with their transition to OnSecurity and would recommend their services to others seeking a smoother, more effective penetration testing experience.
“OnSecurity has made managing penetration tests a lot easier. The platform simplifies everything, and it’s streamlined and pain-free. The fact that it lets you focus on what’s relevant while offering clear remediation steps is a big improvement compared to what we’ve used before.”
Securing a future partnership with OnSecurity
As OnSecurity continues to support DotSys, the company is well-positioned to maintain compliance and strengthen their security posture.
This case study demonstrates how OnSecurity’s modern, platform-driven approach and human-centric testing can transform the penetration testing experience, saving time, enhancing clarity, and enabling businesses like DotSys to focus on what they do best.
Looking to streamline your pentesting experience significantly? Get an instant quote today.
