5-3-2025
Hackathon at Zooma
Recently at Zooma, in collaboration with experienced ethical hackers, we organized a hackathon. The purpose of events like this is to continuously test our ways of working in terms of developing our software securely. And to learn about how hackers think and work. And it also turned out to be very valuable because we discovered a vulnerability in one of our own software products!
Zooma is a technical development agency specializing in custom digital products. As part of our ISO 27001 certification, we annually organize several "awareness sessions" in which we make our team extra aware of the security risks surrounding software development. By continuously testing our development policies and methods in this way, we create secure and stable digital products for our partners and our own concepts in the long term. We also regularly have our software pentested by external independent ethical hackers. But this time we invited the hackers to our office to put our team to the test!
The hackaton started with an interesting presentation in which the ethical hackers explained how malicious hackers think and what tools and strategy they apply. And what methods and tools we as developers can apply to minimize the chance of a vulnerability or hack. After the presentation, fifteen Zooma developers gathered in groups to try, under the guidance of the professional ethical hackers, to detect vulnerabilities in our own software projects.
And indeed, during this session a vulnerability was discovered in one of our software products. A bit of a scare of course but thanks to our clear ISO 270001 policy we were able to intervene immediately and take the right steps quickly. Immediately after discovery we closed the leak and put a new, improved version live. In addition, according to our "data breach protocol," we immediately notified the relevant partner about the necessary changes.
What this experience taught us is that even the best preparations and various pen tests by external parties do not eliminate all risks. And it is also a confirmation that our internal controls and sessions, even if time-consuming, have done their job. Our internal knowledge-sharing sessions ensure that Zooma developers are up to date with the latest techniques and security risks. Because besides the fact that we naturally build very beautiful apps and websites, it is crucial that the software is developed in a secure and responsible way.
Curious about how we as Zooma are constantly challenging and improving ourselves? Keep an eye on our blog!
Next