StackHawk
Sign In
Get a Demo

Customer Success Story

Global Airline Company Operationalizes API Security at Scale

By integrating StackHawk, the global airline streamlined security testing across its complex microservices ecosystem—spanning booking, check-in, and loyalty systems. Rapid growth had created fragmented ownership, limited security resources, and tools that couldn’t handle complex authentication. StackHawk changed that by embedding automated API security testing directly into CI/CD workflows, giving developers instant, actionable insights without slowing releases.

Accelerated Development Cycles

Shifted Security Left

Reduced Security Backlog

GitHub logo

Use Case

Standardizing and Scaling Security

Industry

Transportation

Employees

+18,300

Location

UK

Download Full Story
As the airline’s digital ecosystem expanded, several challenges surfaced. Security responsibilities were unclear, with rotating teams following inconsistent processes and lacking a standardized approach. Limited security resources created bottlenecks that delayed development, while traditional penetration testing methods struggled to keep pace with the scale of their microservices environment. On top of that, complex authentication systems made testing protected APIs difficult for legacy tools. Together, these challenges highlighted the urgent need for a modern, developer-centric solution. Enter StackHawk.
I love a lot of the features, especially API Discovery. It’s groundbreaking.

DevSecOps

The Problem

A global airline with a complex microservices architecture struggled with scaling security testing, leading to development bottlenecks and a growing security backlog due to unclear processes and challenges with complex authentication.

The Solution

The airline implemented StackHawk, an API security solution that seamlessly integrated with their development workflows, supported complex authentication, and shifted security testing left, empowering developers to own the process.

The Results

Accelerated development cycles, a significantly reduced security backlog, and a fundamental shift towards a developer-centric security culture.

Choosing a Solution

The airline conducted an extensive evaluation of API security solutions, ultimately selecting StackHawk for its unique capabilities that aligned perfectly with their needs.

Seamless Integration with Existing Workflows

StackHawk’s deep integrations with GitHub Actions and Jira were game-changers for the airline. The GitHub Actions integration allowed them to embed security testing directly into their CI/CD pipelines and automatically trigger scans on pull requests, giving developers immediate feedback before merging code. With the Jira integration, discovered issues are automatically assigned/routed to the appropriate teams, removing the need for manual handoffs. Both of these integrations have enabled developers to address security issues without disrupting their normal workflows.

Support for Complex Authentication

The airline’s authentication requirements presented significant challenges for most security tools. StackHawk’s flexible authentication handling provided the capabilities needed to properly navigate complex authentication workflows and test their protected APIs.

Shifting Security Left

The ability to integrate security testing early in the development lifecycle was crucial for the airline. StackHawk’s modern design made it possible to run comprehensive security scans during the development and testing phases, not just in production. This shift has enabled developers to find and fix vulnerabilities before production, making security testing part of the development process rather than an afterthought.

Developer Empowerment

Perhaps most importantly, StackHawk’s developer-centric approach resonated with the airlines’ vision for developers to own the dynamic security testing process, allowing them to scale security efforts effectively. StackHawk’s remediation guides, vulnerability overviews, run-time context and developer tools have armed developers with comprehensive and useful information about security findings they need to take action.

Experience with StackHawk

Since implementing StackHawk, the airline has seen tangible improvements in its security posture and development efficiency.

Accelerated Development Cycles

By shifting security left and automating testing, the airline has significantly improved its release velocity without compromising security.

Reduced Security Backlog

The early visibility into vulnerabilities provided by StackHawk has dramatically reduced the airline’s backlog of security tickets. Instead of handing developers external penetration reports long after they’ve moved on from the code, developers now catch issues sooner—when fixes are simpler and less costly.

A Culture Shift

The most significant impact has been on the airline’s security culture. They have experienced a fundamental shift in how their teams approach security: Developers now have ownership and visibility into security testing, allowing them to think about potential vulnerabilities earlier and design more secure systems from the start.

Explore Our Customer Stories

Public Benefit Corporation

Change.org needed a way to improve their security posture and effectively protect their platform and users at scale.

Health Tech

A healthtech company boosted security with StackHawk for API discovery and automated CI/CD security testing, to improve efficiencies while reducing risk.

Financial Services

Learn how one FinTech Leader deployed StackHawk to secure its Fortune 100 customers, prioritizing a shift-left and continuously secure model over just box checking for compliance requirements.

Interested in seeing StackHawk at work?

Schedule time with our team for a live demo.

Request a Live Demo