Case study · Slimstock

Slimstock secures its shift from monolith to APIs, minus the security team

Slimstock secured its shift from monolith to APIs, cutting manual testing cost 90% with no in-house security team.

500+
APIs validated
90%
lower testing cost
24 hrs
to first proof

The challenge

As Slimstock modernized from a monolithic on-premise product to an API-based cloud SaaS, it had to give customers direct API access and secure every release, without building an expensive in-house security team and while working with a third-party engineering group.

What they did

Slimstock partnered with apisec, which completed initial risk discovery in 24 hours and deployed into staging without disrupting CI/CD. apisec tested for vulnerabilities and business-logic flaws across the full estate, not just the small slice manual pen tests could reach.

The outcome

Slimstock validates 500+ APIs continuously, cut manual testing cost by 90%, and reached its first proof of exploitable risk within 24 hours, with no in-house security team.

About Slimstock

Company: Slimstock
Founded: 1993
Industry: Inventory Management
Mission: We help companies build more resilient supply chains

Slimstock, based in Colorado, initially developed as an on-premise inventory management system for manufacturers, wholesalers, and retailers. In response to customer demand for a SaaS solution, Slimstock transitioned to an API-based architecture to enhance agility and innovation.

Business Challenge: Third-Party Involvement and Mounting Costs

As Slimstock modernized their application to an API-focused model, they faced several challenges:

  • Transitioning from a monolithic on-premise application to a cloud-based SaaS model.
  • Providing customers with direct API access.
  • Ensuring secure development and validation of APIs without skyrocketing costs.

To address these challenges, Slimstock needed to build a team of application security experts, validate every release, and manually test APIs regularly, all of which were time-consuming and expensive. Additionally, they were working with a third-party engineering team, complicating the process further.

Key Challenges:

  • Securing APIs with confidential data.
  • Integrating security measures despite third-party engineering involvement.
  • Lacking an in-house API or cybersecurity team.

The Solution: A Simple Remedy for a Complex Problem

After evaluating their options, Slimstock partnered with apisec to automate and enhance their application security. apisec provided a solution that met all their requirements:

Key Considerations:

  • Initial API risk discovery scanning was completed in just 24 hours.
  • Seamless deployment into the staging environment without disrupting the CI/CD workflow.
  • Automated testing and reporting handled by apisec, eliminating the need for in-house API security experts.

Unlike manual penetration tests, which covered only a small portion of Slimstock's 700 API endpoints,

  • apisec

tested for vulnerabilities and business logic flaws, providing comprehensive security.

The Business Impact: Pre-Emptive & Cost-Effective Application Security

Application Security Coverage:

  • Number of APIs covered: 500+
  • Frequency of automated tests: Continuous

Cost Savings:

  • Reduction in manual pen-testing costs: 90%

Deployment Speed:

  • Time to integrate apisecc: <1 week

Vulnerability Detection:

  • Number of vulnerabilities detected and remediated: 200+ in the first month

Rapid Integration and Efficiency

“The apisec team was incredible to work with; they stepped in as partners and integrated and drove the implementation of the solution into our process. We were shocked at the process, speed, efficiency, and the focus on our success the apisec team had for our challenges.”
— Daan Majoor, CTO, Slimstock

Incredible Price-to-Value Ratios

“As we looked towards building our API-focused products, we were at a crossroads; do we build API Security validations ourselves, or do we leverage external companies. apisec impressed us with what they were able to do quickly, and the price-to-value ratio was incredible.”
— Daan Majoor, CTO, Slimstock

Looking Ahead: Sustaining Security Excellence

Slimstock is committed to maintaining and enhancing its application security practices by focusing on the following:

  • Expanding Testing Coverage: Broadening the scope of application security tests to cover new API functionalities and services.
  • Enhancing Automation: Increasing automation in security processes to reduce manual intervention and accelerate response times.
  • Continuous Training: Investing in ongoing training for development and security teams to stay updated with the latest security practices and threats.
  • Collaborating with apisec: Leveraging new features and updates from apisec to enhance their security posture.

By prioritizing these areas, Slimstock aims to maintain robust application protection and ensure the highest standards of security and reliability for its customers.

As we looked towards building our API-focused products, we were at a crossroads; do we build API Security validations ourselves, or do we leverage external companies. apisec impressed us with what they were able to do quickly, and the price-to-value ratio was incredible.

Daan Majoor · CTO, Slimstock