StackHawk

Customer Success Story

FinTech Leader Secures Fortune 100 Customers by Shifting Security Left

By integrating StackHawk, the financial services company built a scalable and efficient approach to securing its rapidly growing API landscape. With over 200 services and more than 1,000 code releases each month, the small AppSec team needed a solution that could keep pace with 250 developers across 50 teams—without slowing innovation or compromising security.

Faster, Automated Vulnerability Testing

Scalable API security

Enhanced Compliance and Client Trust

Use Case: Automate DAST in SDLC
Industry: Financial Services
Employees: +1,000
Location: UK

The company’s legacy DAST tool had become a major roadblock. “It was a constant game of chutes and ladders,” recalls the Head of Security Engineering. “Every update seemed to break something or deprecate a feature completely.” As the organization attracted larger clients with stricter security expectations, the need for a reliable, automated, and developer-friendly testing solution became clear. Enter StackHawk.

StackHawk didn’t just shift security left—they put vulnerabilities on notice. We integrated API testing into our SDLC, hardened our fintech platform, and met Fortune 100 security expectations without slowing down development.

Senior Application Security Engineer

The Problem

The rapidly growing financial services company struggled to secure its expanding API landscape with a legacy DAST tool, facing challenges with scalability, developer efficiency, and meeting stringent client security requirements.

The Solution

The company chose to implement StackHawk’s modern API security platform for its comprehensive API support, automated authenticated scanning capabilities, and developer-centric approach with integrations like GitHub Actions, enabling them to shift security left and improve their overall security posture.

The Results

By adopting StackHawk, the company successfully met the security requirements of its Fortune 100 clients, streamlined its secure development workflows, and empowered developers to take ownership of security testing, ultimately enabling significant business growth.

Choosing a Solution

The company’s evaluation criteria were straightforward: ease and speed of API onboarding, platform reliability and stability, responsive support, and the ability to demonstrate scan coverage. However, those were just table stakes, because the company views security as a non-negotiable part of quality. They wanted more than just a security tool; they wanted a code quality management solution with security as an integral part of overall software quality. StackHawk checked all the boxes.

Comprehensive API Support

As an API-centric company, they needed a product that could support not only REST APIs but also GraphQL and gRPC. StackHawk was built to thoroughly test all APIs and support modern microservices architecture, aligning with their needs.

The ability to automate authentication was also crucial. Many of the company’s APIs handle sensitive data day in and day out, requiring complex authentication scenarios. StackHawk’s flexible and customizable authenticated scanning options enabled them to enact a simple and secure process that could scale.

Developer-First Approach

The company’s ideal state was clear: Developers in control of their security pipelines with AppSec providing oversight. “As the AppSec team, we want a clear view of all scans and their results, but we can’t be gatekeepers for every single scan. We need a way for developers to own their security testing with code and configuration residing in their repositories,” said the Senior Application Security Engineer.

They had an appetite to shift left and automate as much as possible to continue leading innovation in FinTech. StackHawk’s deep integration with GitHub Actions helps ensure developers can test their code on every commit and remediate vulnerabilities before the code is released with as little disruption to their workflow as possible.

On top of that, the StackHawk platform was completely designed with developers in mind. Its configuration-as-code approach and developer-friendly remediation context empower teams to set up scans easily, identify and fix vulnerabilities quickly, and ultimately take ownership of their code’s security.

Experience with StackHawk

To support success across the entire company, StackHawk hosted an onsite training so the teams could be confident and successful with their new process of testing and remediating code before deploying to production. StackHawk also conducted weekly implementation syncs and 1:1s with a solution architect to support each new team that was introduced to the platform.

Since its implementation, StackHawk has become part of the company’s standard development workflow. With automated and comprehensive API testing throughout the SDLC, the company has successfully met the stringent security requirements of its Fortune 100 customers, opening new avenues for business growth.

StackHawk has been above and beyond any other company I’ve worked with in the security tooling space. I like the product, I like the vision, and I love the experience.

Senior Application Security Engineer
