Use Case
Combing security tools for faster remediation
Industry
Internet Software and Services
Company
Breathe Life
Location
Montreal, Quebec
HAWKSOME CUSTOMER SUCCESS STORY
Breathe Life Deploys StackHawk and Snyk for a
Dev-Centric Application Security Program
BACKGROUND
“In the insurance industry, we're dealing with very sensitive data,” said François Allard, Breathe Life’s Director of Engineering for Platform Teams, “We're subject to very strict regulations and laws because we handle PII and PHI like Quebec's Bill 64, the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA), for example... We know that in order to scale, we need to put security up front in our process.”
Allard went searching for developer-centric security tooling that would make it simple to scale application security across the entire engineering organization at Breathe Life.
“We’re not trying to come up with a new way of working, we're pulling on industry best practices. We can see the value it provides by knowing upfront that our product is secure. Waiting until production becomes a lot more costly and also introduces the potential for a breach."
To execute upon this vision, Allard began searching for developer-centric security tools that could be integrated into the development process. Of equal importance was a model of security that allowed for individual developers to take ownership of the code they were creating.
CHOOSING A SOLUTION
Allard knew there was no silver bullet to solve all of the needs he had for application security. Instead, he sought to find best-in-class tools that would make his vision for a scaled application security program possible.
He first discovered Snyk, and later StackHawk, and recognized that the two had a “similar dev-centric approach.” As a result, he chose to build a program with these two partners.
While Snyk’s SCA tool helped Breathe Life secure the open source libraries they used, Allard was also looking for a Dynamic Application Security Testing (DAST) tool, to ensure that Breathe Life’s proprietary code was also protected.
His team was building a Single Page App that relied on Javascript and backing APIs. Existing tools in the market were falling short of what Allard knew he needed.
EXPERIENCE WITH STACKHAWK
“One of StackHawk’s key differentiators was the ability to leverage the Open API spec in order to better scan the application. The typical Ajax spider from other products are pretty limited in what they could find… there was no real part of our application that was tested,” said Allard, “The StackHawk scan with the Open API showed us that the real application was being tested and it's not just checking the box to meet some compliance requirement that we have.”
But it wasn’t just the findings that impressed Allard. It was also what his team could do with them.
“Managing findings is another thing we like with StackHawk. Being able to easily manage those, and not adding noise to scans when you have the same thing over and over is super helpful,” said Allard.
Allard is early in the journey of deploying Snyk and StackHawk, but is already reaping the benefits of having greater confidence in the code that is shipped.
About Breathe
Breathe Life is a life insurance technology company that has built a platform making it easier for life insurance carriers to distribute products.
Get Hands-On Experience
Give Us A Test Drive!
Take control of your AppSec program with StackHawk. Discover, Test, and gain Continuous Oversight. Get started!