As Sally Beauty's rich web and mobile experiences expanded, so did its API footprint across many development platforms. Security leaders needed fast visibility into the full API catalog and comprehensive, automated testing that was simple to operate.
After a competitive proof of concept, Sally Beauty chose apisec for rapid visibility into the scope of its API catalog and for robust, automated validation. apisec discovered APIs at the gateway, surfaced their definitions, and ran comprehensive testing continuously through development.
apisec mapped the API surface within 30 days and now runs 3,515 validations a day across the estate, including no-code platforms, protecting a business of more than 4,000 stores.
Company: Sally Beauty
Founded: 1964
Industry: Beauty/Retail
Recognitions:
Sally Beauty Holdings, Inc. is the largest distributor of professional beauty products in the U.S. and is on a mission to inspire a more colorful, confident, and welcoming world.
The consumer retail space has advanced rapidly to provide rich web and mobile applications that deliver rich consumer experiences. As API usage expanded to support Sally Beauty’s transformation journey, the CISO and security leaders recognized the need to enhance their mature security program with API-specific solutions.
After a competitive POC review of multiple application security solutions, Sally Beauty chose apisec for its ability to quickly deliver visibility into the scope of their API catalog and its robust, automated, API testing capabilities.
“An initial area of focus was “what do we have?” We didn't know the lay of the land. We reached out to our integration and development teams and realized the majority of our APIs were being developed in centralized platforms. With that knowledge, we were able to easily deploy apisec at the gateway and very quickly catalog what our API library contained and understand the function for each API.” ~ Josh Franklin
“As we evaluated different products, a driving factor in our decision was ease of deployment and use so we weren’t creating a huge administrative overhead for our team. With apisec, we were able to hit the ground much faster, and get it deployed.” ~ Josh Franklin
“WIthin 30 days or so, we were able to deploy apisec, connect it to our primary gateway, and gain decent visibility to what API's our applications had. From there, we did some fine-tuning on our test playbooks to understand where we may have some vulnerabilities we wanted to address. apisec was definitely something that drove value very quickly.” ~ Josh Franklin
Looking ahead, Sally Beauty is committed to grow their API footprint, and commensurately the the security of these. Leveraging low-code and no code platforms with inherent open configuration models, ensuring air-tight security of applications through APIs is critical.
“apisec delivered on exactly what we needed; an API security solution that was pretty hands-off as much as possible, with strong automation and intelligence, that would allow us to understand our API landscape, and discover and address any potential issues before they reach production.”
Do you want to join Sally Beauty and some of the world’s most successful companies that rely on apisec to protect their application? Contact our team today to schedule a demo or get a free vulnerability assessment.
apisec delivered on exactly what we needed; an API security solution that was pretty hands off as much as possible, with strong automation and intelligence, that would allow us to understand our API landscape, and discover and address any potential issues before they reach production.