Appvigil Case Study

About Appvigil

Appvigil is a cloud-based mobile app security scanner used by many developers. With Appvigil, app developers, administrators, QA managers, and CIOs/CISOs can check their mobile app for security vulnerabilities or loopholes at any stage of the app lifecycle. For example, they can test the app during development, after development, or before production. Appvigil can scan the source code, the public APK file, or both, using multiple exhaustive static and dynamic analyses to ensure that the app is safe against Android malware and attackers. It helps businesses reduce risk at an early stage of their business, where the cost of damage is lower. We run hundreds of scans a day and help developers build secure applications. The company, with 8 employees, is based in Mumbai, India, with its office located inside IIT Bombay.

The Challenge

For every scan, Appvigil performs computation-intensive analysis on the backend, which takes several minutes. These time- and CPU-consuming scans run on our servers, with several scan requests arriving at once. We cannot set up a full-time server with high RAM and CPU capacity to scan these apps, especially because the number of requests varies over time. “We needed some scalable server with a priority queue to distribute the load equally on multiple servers & effectively utilize the server capacity,” says Toshendra Sharma, CEO, Wegilant.

Why Amazon Web Services

Appvigil was already using Amazon Web Services (AWS) for its web server, storage, and testing. “We explored the options AWS Cloud could give us & found a combination to be perfect for the Appvigil case, that is EC2 + ELB + S3 + ElastiCache + SQS,” added Toshendra, CEO, Wegilant.

For its computation-intensive security analysis of mobile apps, the company now uses the above combination of AWS services and serves its customers with a very short turnaround time. Security scan requests are segmented into multiple datasets that are processed independently at the same time. For every scan request from a user, the Appvigil job manager creates a job and stores it in AWS SQS. AWS EC2 worker instances pull the job requests from the queue and process the scans. EC2 worker instances are launched on demand.

“Developers are impatient; they want their report quickly without waiting for days for the report. We could have never done that without increasing the cost of our security audit, which is now possible with such a beautiful combination,” Toshendra says.

The company uses Amazon Simple Storage Service (Amazon S3) to store scans and other data. “We are also using ElastiCache, which has allowed us to strengthen our servers that run best on Amazon Elastic Compute Cloud (Amazon EC2) and quickly finish the scan & generate reports,” Toshendra says.

The Benefits

Toshendra estimates that AWS will reduce the server costs significantly. Moreover, the ability to scale on demand makes it foolproof for peak-hour traffic. “We were able to automate 90% of the infrastructure managed services using AWS APIs; this not only saved us managed services cost, but also my team can focus on strategic initiatives rather than managing a server fleet,” Toshendra says. He concludes that AWS is the best option for SaaS infrastructure.