StackHawk

AWESOME CUSTOMER SUCCESS STORY

Global Airline Company Operationalizes API Security at Scale

BACKGROUND

Anyone who has ever booked a flight online knows how frictionless the experience needs to be. The digital presence of one global leader in air travel rests on a complex ecosystem of applications and services that power everything from booking to check-in to loyalty programs and critical internal systems. With an increasingly complex microservices architecture, the company faced growing challenges in maintaining strong security without slowing down development.

This evolution created several pain points:

  • Unclear Ownership and Processes: Security scanning responsibilities were spread across rotating security teams with inconsistent approaches and no standardized workflow
  • Resource Bottlenecks: Limited security resources created bottlenecks that slowed down development cycles
  • Scaling Challenges: External penetration testing could no longer keep pace as their microservices footprint expanded
  • Complex Authentication: Their sophisticated authentication mechanisms made it difficult for traditional/legacy security testing tools to navigate

Use Case: Standardizing and Scaling Security

Industry: Transportation

Employees: +18,300

Location: UK

I love a lot of the features, especially API Discovery. It’s groundbreaking.

— DevSecOps

THE PROBLEM

A global airline with a complex microservices architecture struggled with scaling security testing, leading to development bottlenecks and a growing security backlog due to unclear processes and challenges with complex authentication.

THE SOLUTION

The airline implemented StackHawk, an API security solution that seamlessly integrated with their development workflows, supported complex authentication, and shifted security testing left, empowering developers to own the process.

THE RESULTS

Accelerated development cycles, a significantly reduced security backlog, and a fundamental shift towards a developer-centric security culture.

CHOOSING A SOLUTION

The airline conducted an extensive evaluation of API security solutions, ultimately selecting StackHawk for its unique capabilities that aligned perfectly with their needs.

Seamless Integration with Existing Workflows

StackHawk’s deep integrations with GitHub Actions and Jira were game-changers for the airline. The GitHub Actions integration allowed them to embed security testing directly into their CI/CD pipelines and automatically trigger scans on pull requests, giving developers immediate feedback before merging code. With the Jira integration, discovered issues are automatically assigned/routed to the appropriate teams, removing the need for manual handoffs. Both of these integrations have enabled developers to address security issues without disrupting their normal workflows.

Support for Complex Authentication

The airline’s authentication requirements presented significant challenges for most security tools. StackHawk’s flexible authentication handling provided the capabilities needed to properly navigate complex authentication workflows and test their protected APIs.

Shifting Security Left

The ability to integrate security testing early in the development lifecycle was crucial for the airline. StackHawk’s modern design made it possible to run comprehensive security scans during the development and testing phases, not just in production. This shift has enabled developers to find and fix vulnerabilities before production, making security testing part of the development process rather than an afterthought.

Developer Empowerment

Perhaps most importantly, StackHawk’s developer-centric approach resonated with the airline’s vision for developers to own the dynamic security testing process, allowing them to scale security efforts effectively. StackHawk’s remediation guides, vulnerability overviews, run-time context and developer tools have armed developers with the comprehensive, useful information about security findings that they need to take action.

EXPERIENCE WITH STACKHAWK

Since implementing StackHawk, the airline has seen tangible improvements in its security posture and development efficiency.

Accelerated Development Cycles

By shifting security left and automating testing, the airline has significantly improved its release velocity without compromising security.

Reduced Security Backlog

The early visibility into vulnerabilities provided by StackHawk has dramatically reduced the airline’s backlog of security tickets. Instead of handing developers external penetration reports long after they’ve moved on from the code, developers now catch issues sooner—when fixes are simpler and less costly.

A Culture Shift

The most significant impact has been on the airline’s security culture. They have experienced a fundamental shift in how their teams approach security: Developers now have ownership and visibility into security testing, allowing them to think about potential vulnerabilities earlier and design more secure systems from the start.
