AWESOME CUSTOMER SUCCESS STORY
FinTech Leader Secures Fortune 100 Customers by Shifting Security Left
BACKGROUND
A financial services innovator faced a growing challenge: securing their rapidly expanding API landscape. With over 200 services and 1,000+ code releases a month, their small AppSec team of five recognized that keeping pace with over 250 developers across 50 different teams was not sustainable in their current state.
Their legacy DAST tool proved to be cumbersome and unreliable. “It was a constant game of chutes and ladders,” recalls the Head of Security Engineering. “Every update seemed to break something or deprecate a feature completely.” The company was attracting larger clients and partners with stringent security requirements, and for an organization that holds security to high standards, this could not continue.
Use Case: Automate DAST in SDLC
Industry: Financial Services
Employees: +1,000
Location: UK
StackHawk didn’t just shift security left—they put vulnerabilities on notice. We integrated API testing into our SDLC, hardened our fintech platform, and met Fortune 100 security expectations without slowing down development.
— Senior Application Security Engineer
THE PROBLEM
The rapidly growing financial services company struggled to secure its expanding API landscape with a legacy DAST tool, facing challenges with scalability, developer efficiency, and meeting stringent client security requirements.
THE SOLUTION
The company chose to implement StackHawk’s modern API security platform for its comprehensive API support, automated authenticated scanning capabilities, and developer-centric approach with integrations like GitHub Actions, enabling them to shift security left and improve their overall security posture.
THE RESULTS
By adopting StackHawk, the company successfully met the security requirements of its Fortune 100 clients, streamlined its secure development workflows, and empowered developers to take ownership of security testing, ultimately enabling significant business growth.
The company’s evaluation criteria were straightforward: ease and speed of API onboarding, platform reliability and stability, responsive support, and the ability to demonstrate scan coverage. However, those were just table stakes, as the company views security as part of quality and as non-negotiable. They wanted more than just a security tool; they wanted a code quality management solution with security as an integral part of overall software quality. StackHawk checked all the boxes.
Comprehensive API Support
As an API-centric company, they needed a product that could support not only REST APIs but also GraphQL and gRPC. StackHawk was built to thoroughly test all APIs and support modern microservices architecture, aligning with their needs.
The ability to automate authentication was also crucial. Many of the company’s APIs handle sensitive data day in and day out, requiring complex authentication scenarios. StackHawk’s flexible and customizable authenticated scanning options enabled them to enact a simple and secure process that could scale.
Developer-First Approach
The company’s ideal state was clear: Developers in control of their security pipelines with AppSec providing oversight. “As the AppSec team, we want a clear view of all scans and their results, but we can’t be gatekeepers for every single scan. We need a way for developers to own their security testing with code and configuration residing in their repositories,” said the Senior Application Security Engineer.
They had an appetite to shift left and automate as much as possible to continue leading innovation in FinTech. StackHawk’s deep integration with GitHub Actions helps ensure developers can test their code on every commit and remediate vulnerabilities before the code is released with as little disruption to their workflow as possible.
On top of that, the StackHawk platform was completely designed with developers in mind. Its configuration-as-code approach and developer-friendly remediation context empower teams to set up scans easily, identify and fix vulnerabilities quickly, and ultimately take ownership of their code’s security.
To ensure success across the entire company, StackHawk hosted an onsite training so the teams could be confident and successful with their new process of testing and remediating code before deploying to production. StackHawk also conducted weekly implementation syncs and 1:1s with a solution architect to support each new team that was introduced to the platform.
Since its implementation, StackHawk has become part of the company’s standard development workflow. With automated and comprehensive API testing throughout the SDLC, the company has successfully met the stringent security requirements of its Fortune 100 customers, opening new avenues for business growth.
StackHawk has been above and beyond any other company I’ve worked with in the security tooling space. I like the product, I like the vision, and I love the experience.
— Senior Application Security Engineer