Case Study: How Escape helps the French Football Federation secure the development of its online services
The French Football Federation (FFF) is the governing body of football in France, overseeing all aspects of the sport from amateur levels to professional leagues. To fulfill its mission of promoting and developing football, the FFF relies on robust digital platforms and APIs to manage a wide range of data and interactions.
Use Cases
- Continuous API Discovery
- Collection of exploitable information for an efficient remediation
The FFF chose Escape to create a global catalogue of its APIs and to check if they are developed with the best security practices in mind.
The problem
- Identifying and documenting all the APIs: FFF's information system uses a large number of APIs developed by different teams. Each team has its own API repository with a limited central overview. This decentralized approach made it difficult to have an up-to-date inventory and to comply with the IT standards. The FFF was looking for a solution able to automatically discover, catalogue, and document every API to ensure that no API was overlooked or undocumented.
- Raising awareness in development teams: it was crucial to raise awareness among teams about implementing best practices and security requirements when developing APIs.
1. A lack of centralized visibility on all the APIs.
2. Difficulty in convincing development teams of the gravity of issues that could exist when developing APIs.
3. Needed an external tool to control exhaustively all of the APIs.
The Solution
“Our top priority was to achieve complete visibility and conduct detailed, valuable analysis. That’s exactly what the product delivers.” - Claude-Alain Sabatier, Director of IT Governance and Security.
After starting to use Escape, the FFF observed immediate improvements in the management and security of their APIs:
- Continuous discovery and surveillance: the continuous discovery function of Escape allowed the FFF to maintain an exhaustive and up-to-date inventory
- Actionable insights for remediation: Escape gives detailed documentation and directly usable information for developers to maintain and improve security, making it easier to implement fixes for the framework and language used.
“What is valuable about the tool is not only that it highlights vulnerabilities, it also explains and indicates in a documented manner what needs to be done to remedy the defects that have been detected." - Claude-Alain Sabatier, Director of IT Governance and Security.
How Escape stood out for the FFF
According to Claude-Alain Sabatier, Escape stood out for three main reasons :
- Complete API visibility: Escape's strong discovery tools provide a precise and exhaustive inventory.
- Detailed security information: The in-depth analysis and suggested remediations guarantee that all APIs comply with strict regulations.
- Seamless Integration: Escape's easy integration in the existing CI/CD pipelines allowed continuous security controls without disturbing deployment processes.
Escape is also always there for the FFF, helping with daily tasks and fixing technical issues that may arise.
The Impact
“Escape has not only improved our API visibility, but also improved the way our development teams approach security early in projects.” - Claude-Alain Sabatier, Director of IT Governance and Security.
The introduction of Escape led to a significant improvement in the management and security of APIs at the FFF:
- Improved Visibility: The FFF now has access to a complete and precise view of its API landscape, which is essential for efficient management and security.
- Efficient security practices: The exploitable information and detailed remediation steps given by Escape simplify the process of compliance with strict regulations.
Future plans
The FFF is looking to expand Escape's usage to also cover internal API, assuring more in-depth security. They are also aiming to leverage Escape features to better comply with industry standards.
Start securing your APIs for free
Get a complete inventory of your APIs and start fixing your vulnerabilities with detailed solutions for developers.
🚀 Ask for a demoDiscover other application security case studies: