How DoubleVerify Achieved Full API Visibility and Security with Wiz and Escape

Security can’t work in silos. As cloud adoption grows, so does the complexity of securing applications. Tools like Escape and Wiz - when used together by AppSec and Cloud security teams - enable organizations to surface and address vulnerabilities across the entire stack, from code to cloud.

Escape is a modern DAST solution purpose-built for securing APIs and cloud-native applications. It deeply scans for business logic vulnerabilities and integrates seamlessly into your existing CI/CD and infrastructure. Wiz, on the other hand, is a leading cloud security platform that provides comprehensive visibility into cloud infrastructure risks, misconfigurations, and real-time threats—all without deploying agents.

In our recent webinar, Seth Kirchner, Sr. Application Security Manager at DoubleVerify, shared how he leveraged the Wiz x Escape integration to uncover hidden API vulnerabilities, streamline security operations, and drastically improve remediation.

This article explores the key challenges Seth and his team faced, how the integration helped them overcome those issues, and what other AppSec managers can learn from his journey!

DoubleVerify Challenges

DoubleVerify is a global publicly traded ad tech company that verifies the quality and effectiveness of digital ads—operating 24/7, 365 days a year, and handling trillions of API events. They're "very disparate from one another" : some go through an API gateway, others don’t, and some originate from acquisitions or edge services. DoubleVerify security teams are also constantly challenged by the emerging technologies that evolving, emerging attacks within the API landscape, and the API concerns for them continue to grow.

And so wherever our APIs are running, whether they're in our dev environments, in our staging environments, in our production environments, whether they're externally exposed, whether they're internal, we wanted to make sure that we had a holistic view and holistic scanning. - Seth Kirchner, Sr. AppSec Manager, DoubleVerify

 The company needed:

• a centralized inventory of APIs
• a comprehensive scanning capabilities
• a solution that could seamlessly integrate with their existing infrastructure without adding latency - a critical factor in their industry

"Not everything we do goes through an API gateway, and one of the main reasons for this is our very high throughput and very low latency requirements. So it's extremely difficult for us to put things in line. Even small milliseconds of latency make a huge difference for us in our industry. So this creates a really great challenge because we have different forms of APIs that are exposed across our company. And they, in many cases, have different architectures, different designs, and they require some sort of inventory. And so one of the first challenges was how do we get a central inventory?

...It wasn't just north-south traffic. We also really wanted to begin focusing on our east-west traffic as well. And so building that unified inventory helps us go to the next point, which is how do we perform scanning across all of our APIs when we have so many different APIs across our environment.  So, wherever our APIs are running, whether they're in our dev environments, in our staging environments, in our production environments, whether they're externally exposed, whether they're internal, we wanted to make sure that we had a holistic view and holistic scanning." - Seth Kirchner, Sr. AppSec Manager, DoubleVerify

A key requirement in addressing these challenges was to avoid deploying duplicate agents:

"So, these challenges required us to build a solution that also didn't require duplicative agents. We didn't want sensors, multiple sensors running on every single workload that we had in our environment. With the increased usage of microservices, which we heavily rely on, we wanted to make sure that we had coverage across the way."

The Solution: A Unified Approach with Wiz and Escape

To address these challenges, DoubleVerify leveraged the combined strengths of Wiz and Escape. Wiz, a cloud security platform, provided the foundational layer by focusing on infrastructure risks, misconfigurations, and vulnerabilities. Its agentless approach allowed for quick integration with cloud provider APIs, offering a detailed topology of cloud resources and their interactions.

Escape, on the other hand, brought advanced dynamic application security testing (DAST) capabilities to the table. By focusing on modern threats, including business logic vulnerabilities, Escape complemented Wiz's offerings by providing deeper insights into API security.

"We knew that Escape is really powerful on the dynamic scanning and making sure that we have complete coverage, looking at business challenges, and making sure that we map our API attack surface to those business challenges. And Wiz on the cloud security and container security side and code security now, we wanted to make sure that we had holistic visibility. And so this allowed us to create a really great partnership between both solutions in order to provide DoubleVerify the most value possible." - Seth Kirchner, Sr. AppSec Manager, DoubleVerify

Step-by-step workflow

1. Get the information: Wiz's Dynamic Scanner finds exposed cloud resources and hands them over to Escape.

"So we would get, for example, a list of URL endpoints, a list of relevant ports that might have been discovered, and this information was step one."

2.Enrich and Classify: Escape automatically enriched the data—identifying schemas, endpoint types, and applying classifications.

3. Run Dynamic Scans:

"So once we had a good understanding of that particular endpoint and what it was serving, we were able to run hundreds if not thousands of dynamic scans against this particular target and look for potential business logic vulnerabilities, any secrets, any CVEs or CWEs that might be impacting this particular endpoint."

4.Push Findings Back to Wiz: The results were then fed back into the Wiz Security Graph, enriching the context for cloud and code-level insights.

“This allowed us to build sort of this holistic, unified area where we could connect with all of our different sources that were serving our APIs and through this process, allow us to not only get a complete inventory of all of our APIs, but then push that data into the Wiz Graph, so that way we can view all of our information there.

Here's an example of just one of the Escape findings that would have been imported into Wiz:

It is a particular finding around Access Control Allow Origin Header, and this is a vulnerability that's not too common, but often common in many APIs that are built and developed.

The Main Benefits for DoubleVerify

The integration didn’t just provide visibility—it created real, tangible improvements to DoubleVerify’s security posture:

"One of the key messages that I hope to deliver is that this integration allowed us to build a unified API-based external attack surface management page. "

So it allowed us to pull the complete inventory from Wiz, allowed us to enrich those items completely, scan them in extreme depth, giving us certainty and coverage that we might not have been missing any particular vulnerabilities or misconfigurations, and then push this data back into ways building this unique holistic perspective.

DoubleVerify greatly attributes a lot of their API success to the combination of having Wiz and Escape simultaneously together as a unified uh integration and partnership. And this gives DoubleVerify more certainty that our APIs are not only discovered but they're inventoried, and that they're tested and secured properly.
Seth Kirchner, Sr. AppSec Manager, DoubleVerify

Faster Remediation: Less Time Chasing, More Time Fixing

Additionally, one of the most impactful benefits was the acceleration of remediation workflows:

“That enhancement to our triage process has been really great... it’s enabled my team to go and help teams burn down API-specific vulnerabilities that we may not have had visibility into previously.”

Thanks to detailed findings from Escape and streamlined visibility in Wiz, Seth’s team could quickly route issues to the right teams.

Integration and Implementation

Deployment

Deploying the integration was straightforward. According to Seth, DoubleVerify granularly rolled it out to various systems just to make sure it's set up properly. The results are what they expected. Now, the integration is running smoothly:

“At least once a day, new data is pulled from Wiz, scanned by Escape, and pushed back into Wiz… it’s a smooth daily cycle.”

Setup Requirements

• On Wiz: Add the Escape integration in the integrations panel
• On Escape: Enable data pushback via the workflow panel

“We really focused on making this integration as easy as possible… just two connections and it works out-of-the-box with existing configs.”
— Tristan Kalos, CEO at Escape

You can find more information about Escape x Wiz integration setup in Escape's documentation.

Conclusion

DoubleVerify’s journey shows just how powerful the combination of Wiz and Escape can be for modern AppSec teams. What started as a fragmented and complex attack surface is now a streamlined, high-confidence vulnerability management process - built for scale.

With holistic visibility and faster remediation, the Wiz + Escape integration is proving to be a game-changer for cloud-native security teams.

If your organization is struggling with incomplete API visibility or disjointed AppSec and CloudSec workflows, this integration might be exactly what you need!

You can always book a demo with our team and see it for yourself

Discover other feedback from Escape's customers below :

• Case Study: How Escape helps the French Football Federation secure the development of its online services
• Case Study: How Sungage Financial improved their application security within 1 week
• Case Study: How Lightspeed ensures full security compliance with Escape
• Case Study: How Escape enhanced Shine's application security