Slimstock software’s transition from on-premise monolith to API-based SaaS was no simple feat. Slimstock, the Colorado-based inventory management system founded in 1993, was originally built as monolithic, on-premise software. It was designed to be downloaded and hosted locally by manufacturers, wholesalers, and retailers.
When customers began asking for a SaaS (Software as a Service) solution in place of the on-premise solution, Slimstock knew they needed to transition away from a monolithic architecture, and towards a leaner, API-based architecture.
As the Slimstock team modernized their application, they adopted an API-focused approach to achieve increased agility and remediate feature gaps at lower costs. This API-focused model allowed them to innovate with mobile and web interfaces. However, their customers wanted to be able to access the application’s data through APIs directly.
Slimstock needed to test and validate their APIs in-house. This would have been time-consuming and challenging, as Slimstock would have had to build a team of API security experts, validate every release, and build test cases as things changed. To make matters slightly more complicated, Slimstock was working with a third-party engineering team to develop their SaaS.
As we looked towards building our API-focused products we were at a crossroads: do we build API Security validations ourselves or do we leverage external companies? APIsec impressed us with what they were able to do quickly, and the price-to-value ratio was incredible.
- Daan Majoor - CTO
After evaluating this costly problem and trying a manual penetration testing firm, they soon realized that the manual testing only covered a small portion of their 700 API endpoints. Before long, Slimstock reached out to APIsec.
Firstly, Slimstock needed help securing exposed APIs with confidential data. Secondly, they needed a solution that would work despite a third-party engineering team working away in the background. Thirdly, Slimstock needed assurances that the solution would work even though they had no in-house API or cyber security team. APIsec ticked all the boxes.
Unlike their previous manual penetration tests, which were only checking for vulnerabilities, APIsec began testing Slimstock’s API for business logic flaws, which are a popular way for hackers to gain access to confidential data.
Despite Slimstock’s API having over 500 endpoints, APIsec nestled into the staging environment to provide automated vulnerability and logic testing with total coverage.
Before long, Slimstock could inform their customers, partners, and investors that they weren’t just protecting against API attacks, they were actively preventing them, too.
After just a week of onboarding, APIsec was in place and working more efficiently than a manual penetration test, and at a lower cost than hiring an API security expert.
The APIsec team was incredible to work with; they stepped in as partners and integrated and drove the implementation of the solution into our process. We were shocked at the process, speed, efficiency, and the focus on our success the APIsec team had for our challenges.
- Daan Majoor - CTO