Case Study: How Paidy Cut Their Pen Testing Budget in Half With APIsec

Paidy was looking for a way to achieve full API security testing coverage on every release of their application, continuously test integrations, and quickly generate tickets for developers.
Published: April 15, 2022
Read Time: 5 min

The Business Impact:

Complete API Catalog Coverage

All APIs with continuous testing of all scenarios

More Cost-Effective than Manual Pentesting

3 person-years of effort saved

Reduced Cost per Vulnerability

< $200 per vulnerability found

Felix Beatty

CISO

“I would recommend APIsec to any business that has one or multiple APIs for their applications or services and has been thinking about what would happen if their API would get compromised. Better to be proactive than reactive.”

About Paidy

Company: Paidy
Founded: 2008
Industry: FinTech
Mission: You don't need to be "troublesome" when shopping.

Paidy is a popular online payment platform serving the Japanese market. It leverages machine learning to underwrite transactions in seconds. As the platform gained more partners, ensuring continuous API security testing became a top priority.

Business Challenge

Paidy needed to ensure comprehensive API security testing coverage on every release while managing limited internal resources. The primary challenges included:

  • Running full API security tests with every update to reduce the risk footprint.
  • Proving to integration partners that Paidy's APIs were secure.
  • Overcoming the limitations of manual pen testing, which was resource-intensive and infrequent.

Key Challenges

  • Insufficient internal resources for consistent manual pen testing.
  • Lack of specific expertise to build and execute an API testing process.
  • Continuous changes in the application layer creating new API security threats.

Paidy’s internal resources were stretched thin, and manual pen testing was not scalable. An automated, continuous solution was required to ensure robust API security.

The Solution

Paidy selected APIsec, an AI-based solution that provides continuous, automated API security testing. APIsec's platform scans for vulnerabilities, generates custom-tailored attack scenarios, and creates detailed reports after each security check.

Features of APIsec:

  • Custom security tests for Paidy’s applications.
  • Continuous and on-demand testing after every update.
  • Interpretation of test results to uncover vulnerabilities with actionable remediation steps.
  • Integration of findings into developers’ workflows for quick resolution.

APIsec integrated into Paidy's existing systems, creating tickets from the generated reports and providing hands-on training and role-based access control (RBAC) so that testing could be performed securely.

The Business Impact

API Security Coverage:

  • Number of APIs covered: 700+
  • Frequency of automated tests: Every release

Cost Savings:

  • Reduction in pen-testing budget: 50%

Vulnerability Window:

  • Reduction in vulnerability window: From 90 days to real-time

Developer Efficiency:

  • Number of actionable reports generated: 100+ per month

Looking Ahead: Sustaining Security Excellence

Paidy is committed to further enhancing their API security practices by focusing on the following:

  • Expanding Testing Coverage: Continuously broadening the scope of API security tests.
  • Enhancing Automation: Increasing automation in security processes to reduce manual intervention.
  • Continuous Training: Investing in ongoing training for development and security teams.
  • Collaborating with APIsec: Leveraging new features and updates to enhance their security posture.

By prioritizing these areas, Paidy aims to maintain robust protection of their APIs, ensuring the highest standards of security and reliability for their customers.

APIsec has significantly enhanced Paidy's API security testing capabilities, providing comprehensive coverage and real-time risk management. This collaboration has led to efficient deployment, rapid time to value, and substantial cost savings, proving the effectiveness of proactive and continuous API security measures in protecting sensitive data within the dynamic fintech landscape.