CUSTOMER SUCCESS

Reducing Application Vulnerabilities and Overall Business Risk

Serving up and delivering digital applications on time

Organization Snapshot

Industry: E-commerce, Digital Ordering, Payment and Promotions for Quick Service Restaurants and Casual Dining

Location: U.S., Europe, and Asia-Pacific | HQ Location: San Diego, CA

Challenge: Improve and simplify Tillster’s application security by incorporating a more active and dynamic vulnerability assessment system. Additionally, provide guidance to Tillster’s DevOps team to achieve optimal protection within the entire SDLC.

“We brought Contrast in for the best practices in software development.”
Daryl White
Vice President, IT & Security, Tillster

Overview

Tillster is a privately held e-commerce company and a global leader in self-service digital ordering, improved customer insights, and guest engagement. The firm empowers casual dining and quick service multi-tenant restaurants and consumers to engage and transact anywhere, anytime, from any device – one consumer at a time, one order at a time, billions of times over.

The company provides multi-channel, market-specific digital solutions for ordering, payment, loyalty and lifestyle management that integrate across online, mobile, tablet, kiosk and call center platforms.

Tillster has partnerships with over 100 restaurant brands, supporting more than 40,000 locations, and providing over 35,000,000 digital orders per year. Some of its most noteworthy clients include the world’s leading brands such as Pizza Hut, Arby’s, Burger King, and Steak ‘n Shake.

As a company that uses SaaS, Tillster faces development and operation security issues daily. A small team of developers is responsible for meeting PCI Data Security Standard requirements while actively addressing security issues—as well as maintaining functionality and delivering software updates. Partnering with Contrast Security empowers Tillster’s developers to work more efficiently and deliver robust software within SDLC best practices.

CHALLENGES

FOOD FOR THOUGHT – SECURELY BALANCING INTERNAL AND EXTERNAL PRACTICES

Tillster works in compliance with OWASP’s top 10 application security risks and mobile application guidelines. In addition, the firm runs scans and penetration tests in order to meet PCI standards. Contrast enables Tillster’s 75+ developers to address security issues during the development process, when the cost of doing so is lower. As a result, developers are able to focus more on their 30+ tenants, while the internal facets of the SDLC are monitored and remediated with the help of Contrast Assess.

“We use Contrast to actively integrate security into the SDLC. We have other tools that monitor code quality, but they don’t look for security issues. Contrast allows developers to see, in real time, the impact of their coding decisions so that they can make changes.”

Kamran Izadpanah
CTO, Tillster

PLUGGING SECURITY PATCHES

Patch management is critical for keeping Tillster’s applications safe. 99% of software exploits are based on known vulnerabilities, many of which have patches that could fix them. Contrast addresses this by helping Tillster find the latest code changes to improve application security systems and networks.

DELIVERING SECURE SOFTWARE ON SCHEDULE

Tillster operates as a mixed waterfall/Agile development shop. While basic development work follows Agile and DevOps methodologies, client-specific requests are delivered according to a scheduled software release. Feature function and delivery dates are paramount for clients. While it’s imperative that security issues do not cause delays, it’s equally important that the software in production does not pose a risk to restaurants or consumer data. Contrast Assess supports Tillster’s secure development processes by operating inside applications to uncover vulnerabilities, prevent data breaches, and provide security throughout the entire application lifecycle. As a result, Tillster’s developers have the tools to rapidly solve security problems wherever and whenever they arise.

RESULTS

After successfully integrating Contrast Assess into the SDLC, Tillster enjoys 24/7 real-time monitoring, application analysis, and clear and specific instruction on how to fix vulnerabilities. Thanks to Contrast Security’s combination of interactive, static, and dynamic application security testing technology, Tillster can track and analyze vulnerabilities to a specific line of code and remediate them before they become a liability. As a result, Tillster has ongoing assurance that its customer-facing software is secure. Furthermore, its online and mobile ordering solution delivers a consistent, secure experience for every customer, every time, regardless of channel or device.

  • Deployment of agents that monitor code and report from inside applications
  • Identification of vulnerabilities with guidance to fix them
  • More efficient attack planning and tracking
  • A distributed approach that easily scales across the application portfolio
  • Significant reduction in application security workload
  • Static, dynamic, and runtime security technology
