Codean customer story: how we help HoorayHR to stay secure
In addition to supplying our review environment to security professionals, we deliver pentest services, among others for HoorayHR, an all-in-one HR platform for SMEs. Founders Bas Sponselee and Theo Schroen started the company in 2019 for a great reason: their own frustration. With their previous company they were spending too much time and energy on all kinds of HR processes, and couldn’t find good tooling. So they decided to build it themselves. Now they’re making thousands of HR managers and entrepreneurs happy.
And of course they want to serve their customers in a secure way, so they approached us for a pentest. In 2022 we performed a pentest in which we combined code review with regular (black box) hacking in a test environment. According to our ethical hackers, this combination strengthens both practices: code review gives insight into where to direct an attack, hacking a test environment validates the findings from the code review, and testing the application like a hacker provides insight into where in the code we can find vulnerabilities.
After the pentest, the developers from HoorayHR fixed the findings with our guidance. Then we started the continuous security analysis: every sprint, an analyst reviews the newly developed code (the new commits). This way of working fits the trend of addressing security continuously rather than once a year: with CI/CD you continuously commit new code, and with it you introduce potential new vulnerabilities. CTO Bas Sponselee is happy with the service: “I have to worry less about security anymore. It’s like we have an extra person on our team that takes care of that. Continuously.”
He has also recently gone through the intense process of an ISO certification, with positive results: “Also, our auditors valued the fact we embedded security in a clear process. And that Codean is focussing on our security, so we can focus on the things we’re good at.”
Great to hear, Bas Sponselee! We’ll stay sharp on your code to keep HoorayHR secure.