Cookies Notice
This site uses cookies to deliver services and to analyze traffic.
Like most fintech organizations that depend on agile development processes to be constantly innovating, SoFi meticulously balances its organizational goals with its risk appetite and compliance requirements. For the SoFi application security team, that means deeply understanding and mitigating application risk without slowing down development velocity.
As a team of 16 supporting 2000+ developers across 5200+ repositories, the SoFi AppSec team knew they couldn’t possibly manually review each and every code change. They sought a partner to help them gain visibility across their application portfolio to focus on the most business-critical risks, scale their security review efforts, and optimize the time they spent fixing risks.
With Apiiro’s application security posture management (ASPM) platform, SoFi’s AppSec team was able to build an exhaustive inventory of their application technologies, components, and attack surface—from repositories, APIs, and open source packages to contributor activity, material code changes, and beyond. Apiiro also provides out-of-the-box insight into exposed secrets and sensitive data in code, open source vulnerabilities, API security weaknesses, and more, giving them a single pane of glass for prioritizing application security findings.
Apiiro gives SoFi’s team continuous oversight into potential risks that need security design reviews by analyzing commits for material code changes in the context of their application. Leveraging Apiiro’s policy engine, SoFi can define exactly what they categorize as a critical business risk. Then, whenever a risky material code change or risk is flagged, Apiiro’s workflows trigger the appropriate process, such as creating a security design review ticket.
Combining automation and context powered by Apiiro’s deep code analysis enables SoFi to prevent new risks without blocking developers.
SoFi (NASDAQ: SOFI) is a member-centric, one-stop shop for digital financial services on a mission to help their more than 7.5 million members borrow, save, spend, invest, and protect their money better.
Industry: Financial Services
Employees: 5000+
Developers: 2000+
“There’s a lot of ASPMs out there. I don’t think we have run across one that’s doing code analysis the way Apiiro does and providing us the insights that Apiiro does.”
—Zach Schulze, Sr. Staff Application Security Engineer, SoFi