StackHawk
Hamburger Icon
alternativeText

Use Case

Formalize their security process


Industry

Nonprofit-Owned Public Benefit Corporation


Company

Change.org


Location

San Francisco, USA

AWESOME CUSTOMER SUCCESS STORY

Change.org Brings in  

Dev-First Security Solutions 

to Improve Security Posture

BACKGROUND

Change.org recognized the need to formalize its security processes. Prior to this, individual engineers were handling security in isolation, leading to inconsistencies in scanning and addressing vulnerabilities. The team needed a way to improve their security posture and effectively protect their platform and users at scale.This lack of standardization prompted Change.org's security team to seek effective partners. Enter Snyk and StackHawk.

Left Quote
“Having tools like Snyk and StackHawk that align with Change.org’s rapid development and deployment ethos is crucial for maintaining the trust of users.”
Right Quote

— Will Whittaker, Principal Security Engineer

THE PROBLEM
THE PROBLEM

As a software company operating primarily as a website, Change.org's core is its code. Insecure or vulnerable code poses significant risks, especially when dealing with critical petitions and the sensitive data of millions of daily users. Addressing this challenge became a top priority for the security team.

THE SOLUTION
THE SOLUTION

Change.org, hosted on AWS, integrated Snyk's Static Application Security Testing (SAST) with StackHawk's Dynamic Application Security Testing solution. Change.org can now seamlessly test code for security issues prior to deployment, enabling engineers to "shift left" by finding and fixing vulnerabilities before they reach production and improving operational efficiency.

THE RESULTS
THE RESULTS

Vulnerabilities have decreased, empowering the security team to swiftly identify and remediate issues. This not only protects the platform but also safeguards the millions of users who trust Change.org with their data and impactful petitions.

Left Quote
Now we have a formalized process for how to scan and how to remediate, and not only have we drastically cut down on the amount of vulnerabilities on our website and on the backend, we’ve been able to partner with our engineers for faster fixes, which then protects the people who use Change.org.
Right Quote

— Mike Bogdan, Senior Manager Information Security

CHOOSING  A SOLUTION

The integration of Snyk and StackHawk has proven invaluable for Change.org. Previously lacking standardization in security practices, the adoption of these solutions improves the team's security posture and gives the Change.org security team the ability to effectively protect their platform and users at scale.This transformation not only significantly reduced the number of vulnerabilities across the website and backend but also bolstered protection for Change.org's millions of daily users. With sensitive user data and impactful petitions at stake, ensuring robust security measures is paramount.

EXPERIENCE WITH STACKHAWK & SNYK 

Moving forward, Change.org remains committed to leveraging Snyk and StackHawk's offerings. Actively participating in beta testing and collaborating on product enhancements, Change.org recognizes the symbiotic nature of this partnership. By contributing to the improvement of Snyk and StackHawk's solutions, Change.org simultaneously strengthens its own security posture. Change.org views this collaboration as an extension of their capabilities, fostering a mutually beneficial relationship for all parties involved.

alternativeText

About Change.org

Change.org, the world’s largest tech platform for social change, serves as a global hub for over half a billion individuals passionate about making a difference. Users create and sign petitions on issues ranging from local concerns to global challenges, aiming to impact communities and shape a better world.

SHIP SECURE
SOFTWARE FASTER!

Want to know how StackHawk can improve your API Security and AppSec Programs?

Schedule time with our experts for a live demo.

Schedule time with our experts for a live demo.

Get Hands-On Experience
Give Us A Test Drive!

We know you might want to test drive a full version of security software before you talk to us. So, Get It On!