Case Study: How Sungage Financial improved their application security within 1 week
2024-6-11 15:42:15 Author: securityboulevard.com


Sungage Financial is dedicated to financing a sustainable future for homeowners across the United States. Sungage Financial specializes in offering seamless, efficient, and highly-supported financing options for solar energy and storage. 

They have just started deploying a GraphQL API for the first time across multiple apps in their ecosystem, so the Sungage security team searched for the best solution to secure this new API type. They ultimately chose Escape as their full-lifecycle API security solution.

Use cases

  1. Ensuring API Security at every development stage
  2. Shifting left with continuous security

The problem

With the increasing demand for sustainable energy solutions, it's crucial for a company like Sungage Financial, dealing with significant financial transactions, to maintain robust security and efficiency. Sungage Financial has found it challenging not only to streamline processes but also to implement effective improvements. To address these challenges, particularly the security issues with their GraphQL APIs, Sungage Financial needed a solution to allow developers to perform autonomous quality assurance and optimization right from the development phase.


Key problems included:
1. Evaluating the risk linked to each exposed API.
2. Prioritizing the issues present in particular API usage patterns.
3. Enabling their developers to fix issues fast.

The solution

"Escape is part of making sure we have some good penetration testing against our GraphQL API. We found it to be very helpful." – Evan McDaniel, Director of Software Engineering

Upon implementing Escape, Sungage Financial saw immediate results on the security of its GraphQL APIs:

A Comprehensive Catalog of All Exposed Applications

Adopting Escape allowed Sungage Financial to develop a comprehensive overview of all exposed applications. This overview provided a detailed view of the organization's application landscape, allowing Sungage Financial to better manage its API exposure and make strategic decisions about security measures. With a clear picture of the applications in their environment, Sungage Financial could allocate resources more effectively and concentrate on protecting the most crucial assets.

Overview of the security scan that Escape performs.

Ongoing Risk Evaluation for Each Exposed Application

Another significant benefit of using Escape for Sungage Financial was the ongoing risk evaluation offered for every exposed application. This continuous assessment kept the security team vigilant and informed about potential vulnerabilities and threats across their application portfolio. By proactively addressing emerging risks, Sungage Financial significantly reduced the likelihood of security breaches. This proactive stance is especially vital in the financial sector, where maintaining data integrity and customer trust is critical.

Integrated Security Testing and Developer-Friendly Solutions

A key advantage of using our solution was the seamless GraphQL security testing combined with developer-friendly remediation. This integration streamlines the security assessment process and encourages future collaboration between the security and development teams. By embedding security practices into the software development lifecycle, Sungage Financial could identify vulnerabilities early in the process and fix them within the first week. This saved time and resources while enhancing the overall security of their applications.

How Escape stood out for Sungage Financial

According to Evan McDaniel, Director of Software Engineering, Escape stood out for 3 primary reasons:

  1. A simple setup process, which allowed the tech team to easily get the necessary information.
  2. The ability to get remediation guidance in a quick and easy way.
  3. Specialized support for GraphQL, making it a top choice for securing GraphQL APIs.

Escape is also always there for Sungage Financial, helping with daily tasks and fixing technical issues that may arise.

The Impact: Prevent Any Application Risks

Being able to fix important issues is crucial

Using Escape, the Sungage Financial security team could autonomously remediate discovered API vulnerabilities, ensuring swift action. Escape provided detailed guidance for implementing fixes, specifying the exact path and parameters needed to replicate the issue. This allows developers to export reproducible queries for testing, confirming that the vulnerabilities have been completely resolved. Left unaddressed, these vulnerabilities could have had severe repercussions.

Future plans

With the success of the collaboration, Evan is looking forward to using more of Escape’s features, especially on a larger scale, and hopes to make full use of the integrations and automations provided by the platform.

"We will be securing some REST endpoints as well because we're just starting to develop those and get those ready. So this will be one of our next steps. I'm glad to hear that that will be simple." – Evan McDaniel, Director of Software Engineering


This is a Security Bloggers Network syndicated blog from Escape - The API Security Blog, authored by Mia Berthier. Read the original post at: https://escape.tech/blog/case-study-how-sungage-financial-improved-their-application-security-within-1-week/


Article source: https://securityboulevard.com/2024/06/case-study-how-sungage-financial-improved-their-application-security-within-1-week/