Case Study: Hesk achieves automated, scalable web application security and safer releases with Invicti's Netsparker

An Invicti Case Study

Preview of the Hesk Case Study

Hesk Developer Uses Netsparker to Automate Web Application Security

Hesk, a one-person developer of free Help Desk software with an estimated 50k–100k installations and a 100k+ line codebase, needed a way to scale and automate web application security without a large security team. Hesk turned to Invicti, using Netsparker Enterprise (Netsparker Cloud) to add automated, repeatable scanning into its development and release process.

Invicti’s Netsparker allowed Hesk to run full scans and re-scans in minutes, surface prioritized findings with low false positives, and integrate checks before every release. The tool uncovered a confirmed XSS in the admin panel and drove several concrete hardening fixes (forcing SSL, marking cookies Secure and HttpOnly, and adding X-Frame-Options), resulting in faster triage, higher developer confidence, and a more secure release workflow.



Hesk

Klemen Stirn

The Project-Lead, Developer and Support Team

