Company Size

Startup

Company Location

California

Testing Type

Security

App Type

Web

Testing Coverage

Global

Tongal

Stepping Up Security as a Company Grows

Creating content for major brands wasn’t always an easy field to break into. At least not before entrepreneur Rob Salvatore co-founded Tongal. Using the principles of crowdsourcing, Tongal connects the world’s biggest brands to a network of professional content creators who “unlock creative possibilities” through original video campaigns.

“We have a community of everybody,” explained Rob. “It’s not just filmmakers; we have producers, animators, actors. Anybody could have a good idea, and that’s the premise we’ve built on. People can be brushing their teeth, in the shower, driving to work and have a spark. Our platform gives them a way to get rewarded for those ideas.”

As the platform grew in terms of activity, users and transactions, it occurred to Rob and his team that their application could be susceptible to malicious behavior. Since they were working with big brands (with lots of sensitive intellectual property) they figured it was better to be safe than sorry.

"We had always developed our platform from a functional perspective. We rarely thought about our design in terms of how a hacker might look at it. Once you start thinking like that, it introduces a whole other dynamic. Thankfully we found uTest to help us with security testing."
-- Rob Salvatore, Co-Founder and CEO, Tongal

This brief case study will highlight how Tongal used a fellow crowdsourcing company to ensure their platform wasn’t only functional, but secure enough for their enterprise-level customers.

Tongal: Meeting Enterprise Security Expectations

As Tongal attracted some of the biggest companies in the world, it became clear that those new customers expected Tongal’s platform security to be on the same level as the brands’ own security practices. Thus, Tongal turned to uTest’s white-hat security experts to check for common vulnerabilities like XSS and other issues. In addition, the testers were also told to probe for other security vulnerabilities at their own discretion (on a staging environment, of course). Unsure of what to expect, Rob and his team were immediately impressed.

“They really tried to understand what permissions we were using and how they could be exploited by malicious persons,” said Eugene Retunsky, the company’s lead developer. “For example, they explored the API and found out how to hack a file, how to change a password in a file, how to move a file and how to take possession of a file. Those things had never happened before, but they those are the type of issues that can do a lot of damage.”

Rob and Eugene, who had been testing the site themselves, developed a deep appreciation for the role that security testing plays in the greater QA process.

“I don’t think we realized exactly how vulnerable things were,” said Rob. “We learned a lot from them.”

The Benefits of Crowdsouring

Using a crowdsourced software testing company was important to Tongal because of the company’s dedication to a similar business model.

“We thought it would be kind of true to what we were doing at Tongal,” Rob said. “I think there’s an interesting parallel there.”

Tongal is also a believer in dispersed talent instead of relying in a group of people in one central location. When it came time to ramp up Tongal’s testing efforts, Rob sought out a similar mixture of talent through uTest’s worldwide community.

“There are people everywhere – in the middle of nowhere, in the middle of a major city – that can do this work,” Rob said. “In a lot of ways, the most talented people are out there, they’re just not in the major companies and major places.”

Conclusion

In working with uTest, Rob realized that as Tongal grows and attracts larger clients, they cannot focus solely on platform functionality.

“Testing with uTest opened our eyes up to the fact that there’s a whole other dynamic to it, more than just designing based on functionality,” Rob said.

He also realized that as Tongal’s popularity increases, the company may become a target for hackers. But after working with uTest, he feels prepared.

"When you raise your business, there’s a lot more eyes on it, some of them malicious. I’m glad we did this security testing when we did it. We feel a lot better about where we are now."
-- Rob Salvatore, Co-Founder and CEO, Tongal
Open Announmcement
uTest and Appplause Banner

Heard the news?

In early 2014, uTest will be changing its name to Applause. With an expanded app quality offering including test services, tools, SDKs & integrated analytics, we will do even more to help companies delight their web & mobile users.

The uTest name will live on in our tester community, with an expanded offering for all facets of a tester’s professional life. This includes paid testing projects, hands-on training, networking, events, career resources & more.

While we’ve got a lot of work to do, we’re pumped to tackle both of these bigger, bolder challenges. Get the details on this news here.