Use Case: Automate DAST in SDLC
Industry: Financial Services
Employees: 1,000+
Location: UK
AWESOME CUSTOMER SUCCESS STORY
FinTech Leader Secures Fortune 100 Customers by Shifting Security Left
BACKGROUND
A financial services innovator faced a growing challenge: securing a rapidly expanding API landscape. With over 200 services and 1,000+ code releases a month, the AppSec team of five recognized that manually keeping pace with more than 250 developers across 50 teams was not sustainable.
Their legacy DAST tool proved cumbersome and unreliable. “It was a constant game of chutes and ladders,” recalls the Head of Security Engineering. “Every update seemed to break something or deprecate a feature completely.” The company was attracting larger clients and partners with stringent security requirements, and as an organization that holds itself to high security standards, it could not let this continue.
Choosing a Solution
The company’s evaluation criteria were straightforward: ease and speed of API onboarding, platform reliability and stability, responsive support, and the ability to demonstrate scan coverage. Those were only table stakes, though. The company treats security as a non-negotiable part of software quality, so it wanted more than a security tool: a code quality management solution in which security is an integral part of overall software quality. StackHawk checked all the boxes.
Comprehensive API Support
As an API-centric company, they needed a product that could test not only REST APIs but also GraphQL and gRPC. StackHawk was built to test all of these API types and to support a modern microservices architecture, which aligned with their needs.
The ability to automate authentication was also crucial. Many of the company’s APIs handle sensitive data day in and day out and sit behind complex authentication flows, so unauthenticated scans would cover little of the attack surface. StackHawk’s flexible, customizable authenticated scanning options let them establish a simple, secure process that could scale across teams.
Developer-First Approach
The company’s ideal state was clear: Developers in control of their security pipelines with AppSec providing oversight. “As the AppSec team, we want a clear view of all scans and their results, but we can’t be gatekeepers for every single scan. We need a way for developers to own their security testing with code and configuration residing in their repositories,” said the Senior Application Security Engineer.
They wanted to shift left and automate as much as possible to keep leading innovation in FinTech. StackHawk’s deep integration with GitHub Actions lets developers test their code on every commit and remediate vulnerabilities before the code is released, with as little disruption to their workflow as possible.
On top of that, the StackHawk platform was designed with developers in mind. Its configuration-as-code approach and developer-friendly remediation context let teams set up scans easily, identify and fix vulnerabilities quickly, and ultimately take ownership of their code’s security.
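As an added illustration of the developer-owned, configuration-as-code setup described above (this is not the customer’s actual configuration and is not taken from StackHawk’s documentation), here is a minimal GitHub Actions workflow that starts the service under test and runs a StackHawk scan on every push and pull request, with the scan configuration living in the repository next to the code. The compose service name, readiness script, port, application ID and the spec path are placeholders; the `stackhawk/hawkscan-action` step and the `stackhawk.yml` keys are written from my understanding of StackHawk’s public action and config format and should be checked against current docs before use.

```yaml
# .github/workflows/hawkscan.yml  (added example; values are placeholders)
name: HawkScan
on: [push, pull_request]

jobs:
  hawkscan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Assumption: the API can be brought up locally and listens on :8080.
      # "api" and wait-for-port.sh are hypothetical names for this example.
      - name: Start the API under test
        run: |
          docker compose up -d api
          ./scripts/wait-for-port.sh 8080

      # The API key comes from a GitHub secret, never from the repository.
      # Scan settings are read from stackhawk.yml in the repo root.
      - name: Run HawkScan
        uses: stackhawk/hawkscan-action@v2
        with:
          apiKey: ${{ secrets.HAWK_API_KEY }}

---
# stackhawk.yml, committed alongside the code  (added example; IDs are placeholders)
app:
  applicationId: 00000000-0000-0000-0000-000000000000  # placeholder app ID from the platform
  env: ci
  host: http://localhost:8080
  # Assumed key: pointing the scanner at the OpenAPI spec tells it which routes to exercise
  openApiConf:
    path: /openapi.json
hawk:
  # Assumed key: fail the job on High findings so they block the merge rather than ship
  failureThreshold: high
```

The division of labour this encodes is the one the quote above asks for: developers own the workflow and `stackhawk.yml` in their repository and can tune the scan per service, while the results of every run still land in the StackHawk platform where the AppSec team has a single view across all teams.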
Experience with StackHawk
To set the whole company up for success, StackHawk hosted an onsite training so that teams could confidently adopt the new process of testing and remediating code before deploying to production. StackHawk also ran weekly implementation syncs and 1:1 sessions with a solution architect to support each new team as it was introduced to the platform.
StackHawk is now part of the company’s standard development workflow. With automated, comprehensive API testing throughout the SDLC, the company has met the stringent security requirements of its Fortune 100 customers, opening new avenues for business growth.