Griffen Global Case Study

Matt Jenks, CTO / CTIO

”EstateSpace offers secure asset management solutions for principals and estate managers. Through their suite of services, EstateSpace, provides tools for maximizing the value of physical assets, streamlining the management of estates and simplifying the lives of principals and estate managers.“


“In developing a revolutionizing physical asset manage platform, EstateSpace is keenly aware of the security risks imposed on the infrastructure. We looked for tooling that helps us to identify and mitigate risks early in the development process. Our DevSecOps strategy relies on identifying potential problems early in the build and deployment process and mitigating them before they are deployed.”

“A further challenge of identifying potential security gaps is to not disrupt the development and test flow of the engineers. This needs that the tooling needed to play within the existing DevSecOps infrastructure.”


“At EstateSpace, we addressed these challenges by selecting APIsec to augment our Cybersecurity testing against our API. APIsec was a natural fit as they offered automatic identification of privilege-based escalation vulnerabilities and unauthorized access to resources directly against our OpenAPI published API, which serves as the foundation for our web and mobile UX.”

“Through the use of playbooks each designed for a particular vulnerability type, APIsec was able to quickly generate approximately 1500 playbooks against over 150 API endpoints, testing thousands of potential vulnerabilities.”

“We found APIsec to be a great partner to work with overall, but especially when it came to our DevSecOps tooling. While their APIsec dashboard provides a rich set of test metrics, for our DevSecOps process, we needed information at the developer’s fingertips, not behind an authentication wall. Constantly making developers search through logs from alternate websites was a non-starter for us. APIsec worked with us to provide vulnerability information directly into the defect tracking software. This provided developers with all the information needed to debug and identify the source of the defect, resulting in faster closure rates for privilege escalation related defects. Further, the APIsec tooling would automatically closed existing defects if the playbooks passed on their subsequent runs, resulting in reduced project management overhead for managing defects.”


“With APIsec as a partner, our privilege escalation testing was put together in under a month, resulting in a great return on investment as the total cost is well below the cost of a single security test engineer.”