As Seismic moved from a browser-based product to an API-driven model, its most sensitive surface moved with it. Point-in-time tests and traditional scanners reached only 10 to 20 percent of its APIs, yet manual testing still cost roughly $200,000 a year.
Seismic adopted apisec to make exploitability, not test frequency, the measure of coverage. apisec onboarded the APIs from their Swagger definitions, rebuilt the application model on every change, and continuously generated attacks grounded in Seismic's own business logic, RBAC and ABAC paths, injection, and application denial of service.
Within 24 hours apisec was proving which paths were exploitable. Over three months it drove remediation of 300+ exploitable issues, cut testing cost by 80% (about $160,000 a year), and halved mean time to detect and respond.
Company: Seismic
Founded: 2010
Industry: Sales and Marketing Enablement
Mission: Our mission is our reason for being, and it encapsulates what we’re trying to accomplish as a company. A lot of thought, debate, and consideration went into selecting these three words. We ultimately selected we because our mission isn’t just one person or a faceless organization — it’s all of us together. Ignite is a dynamic word that has a cause and effect. And growth spans personal and professional; individual, team, and business; as well as revenue.
As a leader in sales and marketing enablement, Seismic transitioned from a browser-based application to an API-driven model to meet growing customer demands. This change required enhanced security measures to protect confidential client information.
Seismic faced several challenges as they evolved to an API-driven model:
Despite frequent manual penetration tests, Seismic realized the need for a more comprehensive and cost-effective solution.
Key Challenges:
Seismic partnered with apisec to automate and enhance their application security. apisec's AI-driven platform provided comprehensive security testing, revealing business logic flaws and other vulnerabilities.
apisec's Contributions:
apisec automated the entire process, from onboarding APIs using the Swagger definition file to executing new attack vectors, and the API feature map was rebuilt with each update.
“Our customers ask us what we are doing to protect their sensitive data on Seismic, and once they see what we have done with apisec, their confidence in us grows”
— Tim Dzierzek, VP of Information Security, Seismic
“With APIsec continuously working in our staging environment, we eliminated the need for dynamic scanning and costly manual penetration tests. apisec paid for itself in just three months, providing enterprise-grade application security at a fraction of the cost.”
— Tim Dzierzek, VP of Information Security, Seismic
“The apisec team is a great partner to work with on the journey of securing our APIs. They partner with us to continue to increase the coverage and security of the API.”
— Tim Dzierzek, VP of Information Security, Seismic
Seismic is committed to maintaining and enhancing its application security practices by focusing on the following:
By prioritizing these areas, Seismic aims to maintain robust protection of their APIs, ensuring the highest standards of security and reliability for their customers.
With apisec continuously working in our staging environment, we eliminated the need for dynamic scanning and costly manual penetration tests. apisec paid for itself in just three months, providing enterprise-grade applicationPI security at a fraction of the cost.