As Slimstock modernized from a monolithic on-premise product to an API-based cloud SaaS, it had to give customers direct API access and secure every release, without building an expensive in-house security team and while working with a third-party engineering group.
Slimstock partnered with apisec, which completed initial risk discovery in 24 hours and deployed into staging without disrupting CI/CD. apisec tested for vulnerabilities and business-logic flaws across the full estate, not just the small slice manual pen tests could reach.
Slimstock validates 500+ APIs continuously, cut manual testing cost by 90%, and reached its first proof of exploitable risk within 24 hours, with no in-house security team.
Company: Slimstock
Founded: 1993
Industry: Inventory Management
Mission: We help companies build more resilient supply chains
Slimstock, based in Colorado, initially developed as an on-premise inventory management system for manufacturers, wholesalers, and retailers. In response to customer demand for a SaaS solution, Slimstock transitioned to an API-based architecture to enhance agility and innovation.
As Slimstock modernized their application to an API-focused model, they faced several challenges:
To address these challenges, Slimstock needed to build a team of application security experts, validate every release, and manually test APIs regularly, all of which were time-consuming and expensive. Additionally, they were working with a third-party engineering team, complicating the process further.
After evaluating their options, Slimstock partnered with apisec to automate and enhance their application security. apisec provided a solution that met all their requirements:
Unlike manual penetration tests, which covered only a small portion of Slimstock's 700 API endpoints,
tested for vulnerabilities and business logic flaws, providing comprehensive security.
“The apisec team was incredible to work with; they stepped in as partners and integrated and drove the implementation of the solution into our process. We were shocked at the process, speed, efficiency, and the focus on our success the apisec team had for our challenges.”
— Daan Majoor, CTO, Slimstock
“As we looked towards building our API-focused products, we were at a crossroads; do we build API Security validations ourselves, or do we leverage external companies. apisec impressed us with what they were able to do quickly, and the price-to-value ratio was incredible.”
— Daan Majoor, CTO, Slimstock
Slimstock is committed to maintaining and enhancing its application security practices by focusing on the following:
By prioritizing these areas, Slimstock aims to maintain robust application protection and ensure the highest standards of security and reliability for its customers.
As we looked towards building our API-focused products, we were at a crossroads; do we build API Security validations ourselves, or do we leverage external companies. apisec impressed us with what they were able to do quickly, and the price-to-value ratio was incredible.