But first, some context
Our client’s web application is a platform for end consumers to select and book seats for events, and for corporate partners (organisers and cinema owners) to list shows, do mobile ticketing, and digital marketing for those events.
The app is highly scalable, built on a microservices architecture that heavily leverages cloud-native technologies such as Docker and Kubernetes.
Although the company's development practices were cutting edge, their AppSec process was lagging far behind. Assessments were conducted only a few times a year, just enough to maintain their PCI compliance certification.
Given how modern their tech stack was, their AppSec practices left much to be desired. Things needed to change around here, and fast.