Case study · Sally Beauty

Sally Beauty maps its application surface in 30 days

The world's largest beauty retailer mapped its API surface in 30 days and now runs 3,515 validations a day.

30 days
to full surface map
3,515
validations per day
4,000+
stores protected

The challenge

As Sally Beauty's rich web and mobile experiences expanded, so did its API footprint across many development platforms. Security leaders needed fast visibility into the full API catalog and comprehensive, automated testing that was simple to operate.

What they did

After a competitive proof of concept, Sally Beauty chose apisec for rapid visibility into the scope of its API catalog and for robust, automated validation. apisec discovered APIs at the gateway, surfaced their definitions, and ran comprehensive testing continuously through development.

The outcome

apisec mapped the API surface within 30 days and now runs 3,515 validations a day across the estate, including no-code platforms, protecting a business of more than 4,000 stores.

About Sally Beauty

Company: Sally Beauty
Founded:
1964
Industry:
Beauty/Retail
Recognitions:

  • Largest beauty supplier in the world with over 4,000 retail stores and 27,000 employees
  • Recognized in Newsweek America’s Greatest Workplaces 2023

Sally Beauty Holdings, Inc. is the largest distributor of professional beauty products in the U.S. and is on a mission to inspire a more colorful, confident, and welcoming world.

Business Challenges

The consumer retail space has advanced rapidly to provide rich web and mobile applications that deliver rich consumer experiences. As API usage expanded to support Sally Beauty’s transformation journey, the CISO and security leaders recognized the need to enhance their mature security program with API-specific solutions.

Key Requirements

  • Give visibility into API catalog
  • Comprehensive testing for known vulnerabilities across different API dev platforms
  • Automated, simple-to-use solution

Solution

After a competitive POC review of multiple application security solutions, Sally Beauty chose apisec for its ability to quickly deliver visibility into the scope of their API catalog and its robust, automated, API testing capabilities.

Features of apisec:

  • API discovery at the gateway
  • API definition insights
  • Automated, comprehensive application security testing during development

API Library Visibility

“An initial area of focus was “what do we have?” We didn't know the lay of the land. We reached out to our integration and development teams and realized the majority of our APIs were being developed in centralized platforms. With that knowledge, we were able to easily deploy apisec at the gateway and very quickly catalog what our API library contained and understand the function for each API.” ~ Josh Franklin

Ease of Use

“As we evaluated different products, a driving factor in our decision was ease of deployment and use so we weren’t creating a huge administrative overhead for our team. With apisec, we were able to hit the ground much faster, and get it deployed.” ~ Josh Franklin

Speed to Value

“WIthin 30 days or so, we were able to deploy apisec, connect it to our primary gateway, and gain decent visibility to what API's our applications had. From there, we did some fine-tuning on our test playbooks to understand where we may have some vulnerabilities we wanted to address. apisec was definitely something that drove value very quickly.” ~ Josh Franklin

Future Focus: Sustaining Application Security Excellence

Looking ahead, Sally Beauty is committed to grow their API footprint, and commensurately the the security of these. Leveraging low-code and no code platforms with inherent open configuration models, ensuring air-tight security of applications through APIs is critical.

Conclusion

“apisec delivered on exactly what we needed; an API security solution that was pretty hands-off as much as possible, with strong automation and intelligence, that would allow us to understand our API landscape, and discover and address any potential issues before they reach production.”

Do you want to join Sally Beauty and some of the world’s most successful companies that rely on apisec to protect their application? Contact our team today to schedule a demo or get a free vulnerability assessment.

apisec delivered on exactly what we needed; an API security solution that was pretty hands off as much as possible, with strong automation and intelligence, that would allow us to understand our API landscape, and discover and address any potential issues before they reach production.

Josh Franklin · Sr. Manager, Information Security Operations, Sally Beauty