Shine is the online banking subsidiary of Société Générale, one of the leading financial services groups in Europe. Specifically designed for professionals with a commitment to innovation and customer satisfaction, Shine offers a range of online banking solutions tailored to the modern user. At the heart of Shine's technological infrastructure is a federated GraphQL system. This advanced system merges REST APIs and is primarily consumed by the company's first-party mobile and web applications.
- Continuous API discovery
- Getting actionable insights for impactful remediation
- Shifting left with continuous security in CI/CD
Shine chose Escape to enhance its application security, achieve a thorough inventory of their APIs, and help developers fix issues quickly.
With ever-expanding threats, it's crucial for a fintech company like Shine, which deals with sensitive and private information, to be able to identify and stop them. The company has found it challenging not only to identify problems but also to implement relevant fixes. To overcome these challenges, Shine needed a solution to automate a comprehensive API inventory (Attack Surface Management) and allow developers to perform autonomous vulnerability testing and remediation right from the development process.
Additionally, Shine relies on a federated GraphQL system, consumed by the company's first-party mobile and web applications. Many tools on the market had a blind spot regarding the GraphQL support that Shine needed.
- Identifying the APIs exposed by their organization.
- Assessing the risk associated with every exposed API.
- Providing developers with actionable insights to reduce risk across applications.
“Escape was able to find and help us fix API security flaws directly on our staging platform. By doing so before rolling out to production, Escape allows us to always do our best to stay secure and ahead of hackers.” - Nicolas Gaudin, CISO
Upon implementing Escape, Shine saw immediate results:
An instant catalog of all exposed applications.
Upon implementing Escape, Shine quickly saw some important improvements. One notable benefit was the creation of an instant catalog of all exposed applications. This catalog provided a comprehensive view of the organization's application landscape, enabling Shine to gain better control over its attack surface and make informed decisions regarding security priorities. With a clear understanding of the applications in their environment, Shine was better equipped to allocate resources and focus on what needed protection.
Continuous risk assessment of every exposed application
Another remarkable outcome of implementing Escape was the continuous risk assessment of every exposed application. This real-time evaluation ensures that Shine's security team is always aware of potential vulnerabilities and threats across their application portfolio. By staying ahead of emerging risks, Shine proactively addresses security issues, significantly reducing the likelihood of breaches. This approach is especially crucial in the financial sector, where data integrity and customer trust can make or break a business.
Seamless integration of security testing and developer-friendly remediation within the CI/CD
One of the most significant advantages of implementing Escape was the seamless integration of security testing and developer-friendly remediation within the CI/CD pipeline. This integration not only streamlined the security assessment process but also fostered collaboration between security teams and developers. By embedding security practices into the software development lifecycle, Shine was able to catch and resolve vulnerabilities early on, ultimately saving time and resources and strengthening their application security.
How Escape stood out for Shine
Escape stood out from the competition for three primary reasons:
- Superior GraphQL support, making it a top choice for securing GraphQL-based applications.
- Escape uses advanced AI technology to find and report security problems accurately. This makes it easier for Shine to fix vulnerabilities in their applications efficiently.
- A quick and easy setup process. It enabled Shine to get immediate API inventory and start testing right away.
Escape also accompanied Shine in their day-to-day ops, providing constant support and resolving technical issues and requests as quickly as possible.
The impact: swiftly secured applications
In a week, Shine covered 4 applications, accounting for 300 endpoints.
Being able to implement relevant fixes is key
Developers at Shine could autonomously use Escape for remediation, ensuring swift action upon discovering vulnerabilities. Escape's guidance includes detailed instructions on implementing the fix, including the specific path and parameters to replicate the vulnerability. Developers can also export reproducible queries to test the fix, ensuring that the vulnerability has been fully addressed. If left unchecked, these vulnerabilities could have had severe repercussions for Shine.
"It's been a huge benefit for the development team."
With the success of the current collaboration, Shine is looking forward to expanding its partnership with Escape. The plan is to extend the contract to cover Shine's REST attack surface and its existing GraphQL applications.
What advice does Shine give to financial companies looking to secure their APIs?
"Choose a vendor whom you can trust and who can accompany you the best in transition to catalog and secure all your APIs."