LATAM Financial Giant Secures Modern Microservices with StackHawk

We went from slow, manual pen testing to automated, near-instant feedback in our pipeline, truly shifting left and securing our modern infrastructure at scale. StackHawk didn’t just sell us a tool, they became our security partners, helping us understand our attack surface better than ever before.

— DevOps Engineer

Automated DAST at Scale

The company required a solution that could be integrated into its Azure pipelines and existing developer workflows. Its goal was to automate DAST testing in its pipelines, stop code progression when vulnerabilities were found, and help developers resolve bugs with as little disruption to their workflow as possible. This was a tall order, but StackHawk was the clear choice for the job after evaluating a handful of legacy tools.

Comprehensive Microservices Testing

The company’s supermodern microservices infrastructure demands a DAST solution capable of thoroughly testing individual services and their interactions. StackHawk’s modern platform was built to automate security testing across all API types and services proactively. It enables the company to uncover unexpected data interactions and potential vulnerabilities with specific key input values for API requests, identify vulnerabilities unique to their application’s architecture and business logic, and remediate any issues uncovered before bad actors can exploit them.

Responsive and Reliable Support

The company was particularly impressed with StackHawk’s commitment to providing exceptional customer support. They found great value in weekly calls and having direct access to a dedicated success representative and Solutions Architect from StackHawk. The StackHawk team went above and beyond by providing a translator on every call and ensuring all onboarding documentation was translated into Spanish. Even emails were thoughtfully translated, making communication effective and demonstrating a genuine dedication to being a partner in the company’s success. After experiencing a lack of responsiveness from a previous security vendor when they needed help the most, this level of personalized support was a key factor in the customer’s decision to choose StackHawk.

Lighting-Fast Scan Times

The company’s average scan time has been reduced to less than one minute, enabling continuous testing (up to 12 scans per day!) and providing developers with security feedback almost immediately.

Tighter Feedback Loops

The near-instantaneous feedback provided by StackHawk empowers the developers to address security vulnerabilities early in the development lifecycle, reducing the cost and effort of remediation and enhancing overall security posture.

Enhanced Application Infrastructure Knowledge

By implementing StackHawk, the company’s security team gained a deeper understanding of its application and API infrastructure. They now have a clear picture of which applications to prioritize for testing and can maintain a comprehensive view of their overall attack surface and coverage.