Case Study: Shopify automates web security testing at scale with PortSwigger Burp Suite DAST

A PortSwigger Case Study

Preview of the Shopify Case Study

Shopify: Automating web security testing at scale with Burp Suite Enterprise Edition

Shopify, an all-in-one commerce platform, needed to scale its security testing processes to handle the increasing number of third-party applications on its App Store. The company sought a solution to automate dynamic web application security testing (DAST) to efficiently find common vulnerabilities like cross-site scripting (XSS) and cross-site request forgery (CSRF) across thousands of apps. PortSwigger was the vendor selected to address this challenge with its Burp Suite DAST product.

PortSwigger's solution integrated Burp Suite DAST into Shopify's existing custom security testing infrastructure. This allowed fully automated scans to be initiated as part of Shopify's application review process. As a result, Shopify was able to automate security testing at scale and catch critical web vulnerabilities. A key benefit was that the tool fit the team's existing expertise: they were already familiar with the Burp Suite ecosystem from using Burp Suite Professional for manual testing.



Shopify

Leanne Shapton

Application Security Engineer


PortSwigger
