Case Study by Ranga Kaluarachchi - CTO, HUBBED
The Background
HUBBED is a parcel pick-up and drop-off network (PUDO) with over 2000 locations Australia wide. Our network offers 24/7, extended hour collection points and provides a trusted, reliable and sustainable parcel solution for the eCommerce industry.
With secure over the counter and smart parcel locker sites, we partner with national and global brands through key retail verticals; convenience, petrol, self-storage, packaging logistics, automotive and printing.
Our products include click and collect, return and missed deliveries solutions which are agnostic and easily integrated with existing carriers and retailer systems.
The Goal
Ultimately, we need to be able to provide clients and potential clients with the confidence that our software as a solution is absolutely secure - and that the data we hold on their behalf and the processes we implement to manage it are not at risk of a breach. To do this, we need a third party to provide external reviews and advice to fix any vulnerabilities.
When we started to search for that third party, we were looking for a vendor with whom we could develop a long-term relationship.
The Selection Process
We evaluated three organisations with three main criteria in mind: We wanted a company that would become a partner for the long term, that would be responsive, and that came with strong recommendations.
A colleague recommended The Missing Link, they were responsive to our requests, providing information within the short time-frame, and they were competitive in pricing – not the cheapest, but competitive.
Our Relationship
Working with The Missing Link has been a good experience. The Penetration Testing they did was a relatively straightforward process; it was well thought out and explained. The Missing Link engaged all the parties to gather information, and we were given a plan as to how the testing would be implemented. To smooth the way, we created some videos to educate the penetration testers on how our system works and how they could access it.
During testing, The Missing Link uncovered a couple of vulnerabilities which they reported immediately. These were small vulnerabilities that would not have been revealed without testing of this kind; however, they were important to fix. The Missing Link provided detailed directions on how to do this, accompanied by screenshots, and then they went through the fix with our developers on a shared screen. This level of responsiveness and guidance meant the vulnerabilities were rectified well before the testing was completed.
The Difference
The Missing Link has made the process around security and vulnerability assessment a painless experience. Their capability to discover vulnerabilities, and their knowledge to support us means we can feel confident that our software as a solution is thoroughly secure and tested. This means we can now respond to queries about security from our partners with confidence, and we can reassure them that we can meet our obligations to them.
