StackHawk

Customer Success Story

Global Customer Experience Platform Achieves Enterprise-Scale API Testing

Global contact center platform implements automated DAST across massive API surface, achieving weekly testing cadence and CI/CD integration for 400 code contributors while navigating complex infrastructure constraints.

Enterprise-Scale Runtime AppSec Testing Coverage

CI/CD Automation Across Massive API Surface

Flexible Platform Handling Complex Constraints

Use Case

Enterprise-scale automated DAST for complex, high-volume API platforms

Industry

Cloud Contact Center / Customer Experience Software

Developers

400 code contributors

Location

USA

This global AI-powered customer experience orchestration platform provides the software that enterprise contact centers worldwide rely on. With thousands of employees and a massive microservices architecture behind their public APIs, the company needed automated DAST that could scale to their environment’s complexity. Their “monster API” serves over 10,000 enterprise customers with extremely high reliability requirements. When the team set out to integrate DAST into their CI/CD pipeline, they faced unique infrastructure constraints: strict request size limits, rate limiting, and complex API schemas that made traditional security scanning tools ineffective.

Most security scanners choked on our infrastructure constraints, so we needed a security scanner that was up to the configuration task. That’s why we went with StackHawk.
Security Software Developer, Global CX Platform

The Problem

The company’s massive API surface needed automated DAST, but infrastructure protections blocked 60-90% of scan requests before they reached the application layer. Manual penetration testing consumed 40-50 hours quarterly per major API section and couldn’t keep pace with 400 code contributors and rapid platform expansion.

The Solution

The team implemented StackHawk’s DAST platform, tuning concurrency levels, request throttling, and scan scheduling to respect infrastructure limits while maintaining comprehensive coverage through Jenkins CI/CD integration, API Discovery, and Sensitive Data identification. The platform adapted to their constraints through iterative performance adjustments without requiring infrastructure changes.

The Results

Weekly automated testing replaced 40-50 hours of quarterly manual penetration testing per service, freeing security engineering time to expand coverage across microservices. With one service team fully integrated, the company is onboarding additional teams while leveraging API Discovery across 400 contributors and Sensitive Data tracking for critical APIs.

The Challenge

The company needed automated DAST for their massive API surface, but their infrastructure created extraordinary constraints. Initial scan attempts saw 60-90% of requests failing before reaching the application layer. The same protections safeguarding their production environment were blocking security test traffic entirely. With 400 code contributors and a rapidly expanding platform, manual penetration testing, which consumed 40-50 hours quarterly per service, couldn’t keep pace. The team needed DAST flexible enough to work within strict operational constraints while providing enterprise-scale coverage.

Choosing a Solution

The team implemented StackHawk’s DAST platform to achieve enterprise-scale automated testing within their infrastructure constraints. The platform’s flexibility to adjust concurrency levels, split large OpenAPI specifications into manageable test segments, and configure request throttling enabled scans to respect reverse proxy limits while maintaining comprehensive coverage. StackHawk integrated directly into their Jenkins CI/CD pipeline, with automated cadence testing against their public API and expanding service-level scans for individual microservices.

The team also connected StackHawk to their GitHub repositories, getting complete visibility across their massive application attack surface straight from the source. The platform’s sensitive data identification features helped prioritize testing based on which APIs handled PCI/PHI/PII data—critical for their healthcare and financial services customers. OAuth/JWT authentication automation in scan configurations ensured thorough testing of protected endpoints, while Jira integration streamlined vulnerability triage and false-positive management with threshold-based ticket creation.

Most importantly, StackHawk’s flexible architecture enabled the team to iteratively tune performance: reducing concurrent requests, adding delays between calls, staggering job schedules, and splitting policy enforcement, all without requiring fundamental infrastructure changes that would impact production performance. The platform adapted to their constraints rather than forcing them to rebuild security controls protecting their global customer base.
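One of the concrete techniques mentioned above (in both "Choosing a Solution" and this paragraph) is splitting a large OpenAPI specification into smaller segments so that each scan job stays within the request-volume and size limits of the reverse proxy. The following is an added, hypothetical example and not StackHawk's own code or configuration: it takes an OpenAPI 3 document, keeps the shared sections every segment needs (info, servers, components, security, tags), and groups path items into segments of at most a chosen number of HTTP operations. A single path item is never split across segments, so one path with more operations than the cap lands alone in an oversized segment rather than being silently dropped. The sample specification, its paths and the cap values are constructed for illustration.

```python
"""Split a large OpenAPI 3 document into smaller segments for scanning.

Added, hypothetical example (not StackHawk's code). Each segment keeps the
shared top-level sections and at most `max_operations` path operations, so a
scanner can run the segments as separate, throttled jobs.
"""
import copy
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
# Top-level sections copied into every segment so $ref targets and auth still resolve.
SHARED_KEYS = ("openapi", "info", "servers", "components", "security", "tags")


def count_operations(path_item):
    """Count HTTP operations in a path item; keys like `parameters` or
    `summary` are not operations and are ignored."""
    return sum(1 for key in path_item if key.lower() in HTTP_METHODS)


def split_openapi(spec, max_operations):
    """Return a list of self-contained OpenAPI documents.

    Path items are assigned in document order; a new segment starts when adding
    the next path item would exceed `max_operations`. A path item that alone
    exceeds the cap gets its own (oversized) segment rather than being split,
    because splitting the methods of one path would break per-path parameters.
    """
    if max_operations < 1:
        raise ValueError("max_operations must be >= 1")
    shared = {key: spec[key] for key in SHARED_KEYS if key in spec}
    segments, current, current_ops = [], {}, 0
    for path, item in spec.get("paths", {}).items():
        ops = count_operations(item)
        if current and current_ops + ops > max_operations:
            segments.append({**copy.deepcopy(shared), "paths": current})
            current, current_ops = {}, 0
        current[path] = copy.deepcopy(item)
        current_ops += ops
    if current:
        segments.append({**copy.deepcopy(shared), "paths": current})
    return segments


def segment_to_json(segment):
    """Serialize one segment so it can be written to its own spec file."""
    return json.dumps(segment, indent=2, sort_keys=True)


# Constructed sample: a small spec standing in for a much larger one.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Example API", "version": "1.0.0"},
    "servers": [{"url": "https://api.example.invalid"}],
    "components": {
        "securitySchemes": {"bearer": {"type": "http", "scheme": "bearer"}},
        "schemas": {"User": {"type": "object", "properties": {"id": {"type": "string"}}}},
    },
    "security": [{"bearer": []}],
    "paths": {
        "/users": {
            "get": {"responses": {"200": {"description": "ok"}}},
            "post": {"responses": {"201": {"description": "created"}}},
        },
        "/users/{id}": {
            "parameters": [{"name": "id", "in": "path", "required": True,
                            "schema": {"type": "string"}}],
            "get": {"responses": {"200": {"description": "ok"}}},
            "put": {"responses": {"200": {"description": "ok"}}},
            "delete": {"responses": {"204": {"description": "deleted"}}},
        },
        "/orders": {
            "get": {"responses": {"200": {"description": "ok"}}},
        },
    },
}


if __name__ == "__main__":
    for index, segment in enumerate(split_openapi(SAMPLE_SPEC, max_operations=3), 1):
        paths = ", ".join(segment["paths"])
        print(f"segment {index}: {paths}")
        # Each segment could be written out, e.g. to segment-{index}.json,
        # and scanned as its own job with its own concurrency and delay settings.
        _ = segment_to_json(segment)
```

With a cap of 3 operations the sample splits into three segments (`/users`, `/users/{id}`, `/orders`), each carrying the full `components` and `security` sections so bearer-token authentication and schema references still resolve when a segment is scanned on its own. Lowering the cap to 2 produces an oversized middle segment for `/users/{id}`, which is the documented edge case: raising the cap or relying on per-job throttling is the right fix there, not dropping operations.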

Experience with StackHawk

The operational impact has been significant. Automated weekly scanning replaced 80-100 hours of manual penetration testing per quarter and freed security engineering time to expand coverage to additional microservices rather than repeating manual testing. The platform’s flexibility to tune performance within strict operational constraints enabled automated security testing without compromising the infrastructure protections that safeguard their global customer base.

Security can now keep pace with 400 developers shipping code continuously and focus on the highest-risk areas of their application with the visibility and intelligence provided by StackHawk’s application attack surface discovery.

StackHawk gave us the configurability to work within our limits while achieving the coverage we need at the enterprise level. Now we’re running weekly automated scans and expanding to more teams.
Security Software Developer, Global CX Platform
