StackHawk

AWESOME CUSTOMER SUCCESS STORY

Industrial Automation Company Shifts-Left: From Legacy DAST to Modern API Security

BACKGROUND

A division of an industrial automation company looked to modernize application security after their legacy DAST provider caused coverage gaps, slow scans, and release delays. Guided by a “Shift-Left” mindset, the team recognized the need for a solution that could empower developers to build software securely, deliver rapid feedback loops, and seamlessly integrate into their existing workflows. StackHawk stood out as the ideal solution.

Use Case: Shifting security left

Industry: Energy/Auto/Transportation

Employees: +26,000

Location: USA

I need this product and I need it yesterday.

— Engineering Director

THE PROBLEM

The company faced significant challenges with its legacy DAST tool, including low coverage, slow scan times, and poor integration with development workflows, hindering its ability to deliver secure software efficiently.

THE SOLUTION

The company adopted a shift-left security strategy and implemented StackHawk as its DAST solution, leveraging its strengths in comprehensive coverage, faster scans, and deep integrations with development tools.

THE RESULTS

The company achieved significantly improved application coverage, faster feedback loops, and streamlined workflows, leading to a more efficient and secure software development process. This success has paved the way for broader enterprise-wide adoption of StackHawk, enhancing the overall security posture of the organization.

ACHIEVING CORE CRITICAL COVERAGE

The company’s journey led them to StackHawk after evaluating the ineffectiveness of their legacy tool. It delivered only 10%-12% coverage, leaving many application paths undetected and untested, and that lack of coverage did not meet the stringent security requirements to which they held their business.

With StackHawk, the team set an initial goal of critical coverage with the intent to secure and bring under test a number of tier-one applications in a phased approach. With strong internal advocates for secure development processes and a mindset for modern security practices, this company was able to meet its advanced security requirements, which were unmatched by its legacy solution.

DELIVERING FASTER FEEDBACK LOOPS

Development happens FAST at this company, with engineers pushing new code at least 15 times a day, but their legacy DAST tool could not keep up. Code would get released before a scan could complete, causing developers to interrupt their workflow if a potential vulnerability was discovered. The old way of doing things (scanning in production environments, manually creating and updating tickets, and back-and-forth conversations between teams to gain context) was not going to cut it.

StackHawk’s ability to complete scans at lightning speed in pre-production environments helps their teams ensure that all new code is thoroughly tested before being released into the wild. They then squeeze the feedback loop even tighter by using the JIRA integration. By mapping scan results to specific JIRA workspaces, they are able to provide real-time feedback to different product teams and applications. That means the appropriate teams are immediately alerted to vulnerabilities in their familiar workspace. And because their code-contributing developers have direct access to the StackHawk platform, they can get the context they need to start working on resolutions quickly and validate their fixes before re-committing code.

SUPPORT AND DOCUMENTATION

The company was looking for more than just a vendor. They wanted someone they could partner with to make their security overhaul successful enterprise-wide.

StackHawk collaborated closely with the company to address their specific needs via regular check-ins and technical troubleshooting sessions. This included working together on pre-integration checklists to set up success for future teams across the organization that would adopt StackHawk. Additionally, they found StackHawk’s knowledge base of documentation and easy-to-follow guides to be a major win when establishing a new partner to overhaul their security initiatives.

EXPERIENCE WITH STACKHAWK

After a positive experience implementing StackHawk at one business unit, the company is excited to roll out the platform across the broader enterprise. The expansion strengthens the security landscape among subsequent business units and empowers the entire organization to secure their applications and APIs more efficiently. The implementation work done by the initial division provides a solid foundation for more business units to build on and adopt the solution with as little friction as possible.

With the help of StackHawk, the company has transformed how security and developers collaborate to deliver highly secure software to its customers. Unlike the legacy process of throwing issues over the wall to developers, their engineering team catches vulnerabilities in CI/CD and resolves them before they hit an internet-facing environment, all while their security teams maintain governance and gain greater visibility.

It’s the perfect tool to move from legacy DAST into true security.

— Senior Software Architect
