Slimstock Case Study

Slimstock secures Inventory data through their API using APIsec

Slimstock is the European market leader in the field of specialized software for inventory optimization. Slimstock has developed methods that can be used to reduce inventory stock by 20 to 30% within 6 months while maintaining service levels or even increasing them. Formed in 1993, Slimstock has adapted and grown considerably over the years, leveraging outsourced engineering resources to help deliver product capabilities quickly. With offices in 20 countries and over 1000 customers worldwide, Slimstock is a powerhouse in inventory optimization.

Challenge

As the Slimstock team looked to modernize their application, they adopted an API-focused approach to achieve increased agility and close feature gaps at lower cost. This API-focused model allowed them to innovate with mobile and web interfaces; however, their customers also wanted to access the application through APIs exposed directly to the internet. Slimstock's customers consumed its products through both on-premises and cloud deployment models, so the solution had to support both deployment types.

Slimstock leveraged outsourced engineering development, where appropriate, to aid in modernizing the application, so business logic security was something the Slimstock team had to validate holistically. This was time-consuming and challenging: the team would have had to build an in-house group of API security experts, validate every release, and rebuild test cases as the APIs changed. It was a treadmill increasing in speed and complexity, with an expanded attack surface that the APIs now exposed.

“As we looked towards building our API focused products we were at a cross-road; do we build API Security validations ourselves or do we leverage external companies. APIsec impressed us with what they were able to do quickly and the price to value ratio was incredible.” Daan Majoor - CTO

Solution

APIsec Automated API risk discovery

When Daan and Guus brought APIsec into Slimstock, they knew it had to come in and learn the application and the APIs quickly without handholding by the engineering team.

APIsec began with automated API risk discovery from the Swagger definition file. Consuming this definition, the solution built the API feature map automatically, all the way down to the business logic layer. The BOTs were then unleashed to create custom attack vectors that uncover the business logic flaws in RBAC, ABAC, application DoS and injection handling that attackers could exploit.

APIsec was first introduced into the staging environment, before the Slimstock application went live, to find critical vulnerabilities. Once these vulnerability categories were enabled, the AI-based matching and categorization process began. As the attack vectors were injected, the AI-driven exploit reporting and remediation engine highlighted the most critical issues along with suggestions on how to solve them.

APIsec provided rich information on each API vulnerability it uncovered, so developers spent less time understanding the issues and more of their time fixing them and working on enhancements.

The team at Slimstock was able to rely on APIsec for all of their API validation requirements, because the product executes validated requests and responses through an AI-driven matching and categorization engine. As the development team changes the API, the APIsec solution automatically discovers the added API features, rebuilds the API feature map, and re-launches the BOTs to create new attack vectors.
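To make the workflow described above concrete (discover operations from a Swagger/OpenAPI definition, derive authorization attack vectors from it, flag any operation a lower-privileged role can reach, and rediscover operations when the definition changes), here is an added example written for this page. It is not APIsec's code and does not reflect how APIsec's BOTs or matching engine actually work; the OpenAPI fragment, the role ranking, the `x-required-role` vendor extension, the mock API and its deliberately misconfigured `listUsers` operation are all constructed for illustration.

```python
"""Toy spec-driven RBAC test generation (illustrative, not APIsec's implementation)."""
from dataclasses import dataclass

# Assumed role lattice: higher rank means more privilege.
ROLE_RANK = {"anonymous": 0, "viewer": 1, "planner": 2, "admin": 3}

# Constructed OpenAPI-style fragment. `x-required-role` is an assumed vendor
# extension carrying the intended authorization level of each operation.
SPEC = {
    "paths": {
        "/items": {
            "get": {"operationId": "listItems", "x-required-role": "viewer"},
            "post": {"operationId": "createItem", "x-required-role": "planner"},
        },
        "/items/{id}/forecast": {
            "put": {"operationId": "setForecast", "x-required-role": "planner"},
        },
        "/admin/users": {
            "get": {"operationId": "listUsers", "x-required-role": "admin"},
        },
    }
}


@dataclass(frozen=True)
class Operation:
    method: str
    path: str
    operation_id: str
    required_role: str


def discover(spec):
    """Build the feature map: one Operation per (path, method) in the spec.
    An operation with no declared role defaults to the strictest one, so a
    missing annotation is tested rather than silently skipped."""
    ops = []
    for path, methods in spec["paths"].items():
        for method, body in methods.items():
            ops.append(Operation(method.upper(), path, body["operationId"],
                                 body.get("x-required-role", "admin")))
    return ops


def rbac_vectors(ops):
    """Every role ranked below an operation's required role is one attack vector."""
    return [(op, role) for op in ops
            for role, rank in ROLE_RANK.items() if rank < ROLE_RANK[op.required_role]]


# Constructed mock API: the role each handler actually enforces. `listUsers`
# is deliberately misconfigured (enforces 'viewer' instead of 'admin') so the
# scan has a real finding to report.
ENFORCED = {"listItems": "viewer", "createItem": "planner",
            "setForecast": "planner", "listUsers": "viewer"}


def mock_api(op, role):
    """Stand-in for an HTTP call: returns a status code for (operation, caller role)."""
    enforced = ENFORCED.get(op.operation_id)
    if enforced is None:
        return 404
    return 200 if ROLE_RANK[role] >= ROLE_RANK[enforced] else 403


def scan(spec, api=mock_api):
    """Run every RBAC vector; any 2xx from an under-privileged role is a finding."""
    findings = []
    for op, role in rbac_vectors(discover(spec)):
        status = api(op, role)
        if 200 <= status < 300:
            findings.append({"operation": op.operation_id, "method": op.method,
                             "path": op.path, "role": role,
                             "required": op.required_role, "status": status})
    return findings


def new_operations(old_spec, new_spec):
    """Rediscovery after a spec change: operations present only in the new spec."""
    return [op for op in discover(new_spec) if op not in set(discover(old_spec))]


if __name__ == "__main__":
    for f in scan(SPEC):
        print(f"FINDING {f['method']} {f['path']}: role '{f['role']}' got "
              f"{f['status']} but '{f['required']}' is required")
    # Simulate the development team adding an endpoint; only the delta is new work.
    changed = {"paths": {**SPEC["paths"],
                         "/items/{id}": {"delete": {"operationId": "deleteItem",
                                                    "x-required-role": "admin"}}}}
    print("new operations:", [op.operation_id for op in new_operations(SPEC, changed)])
```

The scan only exercises vertical privilege (a lower role reaching a higher-role operation); object-level checks (one planner reaching another tenant's `{id}`) would need a second generator that varies path parameters, and a real harness would issue HTTP requests with per-role credentials in place of `mock_api`.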

“The APIsec team was incredible to work with, they stepped in as partners and integrated and drove the implementation of the solution into our process. We were shocked at the process, speed, efficiency and the focus on our success the APIsec team had for our challenges.” Daan Majoor - CTO

Key Benefits

Conclusions

APIsec brings API security to Slimstock at a fraction of the cost of manual methods, delivering coverage and protection at the speed of their development.