What does application security have to do with Wahed's $370M Success Story?
Reality Check: Annual Pen Test Reports Alone Are A Waste of Your Time & Money
The breaking point came when delays in receiving essential pen-testing reports started to jeopardize Wahed’s regulatory compliance in the US, Malaysia, and UAE financial markets.
Frustrations mounted even more as the vendor’s unresponsiveness became a recurring incident, leaving the FinTech innovators in a difficult position.
Given the stringent industry-specific standards governing their operations in multiple financial markets, their need for timely and comprehensive penetration testing reports became critical with each passing day.
"What set Audacix apart was the constant engagement and on-demand coaching along with detailed vulnerability assessment reports. We were able to find a trustworthy application security solution that exceeded our expectations."
Wahed Snapshot
✔ Company: Wahed Invest LLC
✔ Industry: SaaS/Fintech
✔ Results: $370 million AUM
✔ Regions: Operates in 130 countries
✔ Tech: Shifted left to run security from its CICD pipelines without slowing down new feature development speed
✔ Savings: >250 hours of dev time that would've been spent on security fixes
✔ Savings: $280k in security expert salaries
The Worst Thing A Software Leader Can Do For Their AppSec
While FinTech innovator Wahed was growing exponentially, their application security vendor wasn’t providing them with the infrastructure they were aiming for. For any FinTech company, it's critical to have a strong application security structure to protect the sensitive information hosted across all their applications and APIs, in perception and in reality.
However, Wahed was heavily reliant on external vendors for their application security needs. It isn’t easy to shift left on application security with the traditional approach of annual penetration testing.
Not only are manual penetration tests time-consuming, but developers often find it hard to understand these reports and implement the correct fixes within a decent timeframe.
Naturally, this situation culminates in more frustration, delays in deployment and a feeling that security is a ball and chain on your company's growth trajectory.
Wahed believed that this didn't need to be their reality, but they didn't quite understand how to make security a key part of their growth trajectory.
Audacix helped us in reducing additional costs in terms of application security & provided more value with their Cyber Chief solution than any other product was able to.
Nobody wants more vulnerabilities, they want a way to patch them faster
Just finding vulnerabilities isn’t enough for application security - you'll find them wherever you look. Wahed was worried about how their devs would patch security gaps, without slowing down their hectic development schedule.
While their previous annual pentest reports helped explain what the problems were, these reports offered little by way of actual patching support.
Not only was this troubling for developers who felt left to fend for themselves, but management was frustrated by the lack of ROI from their AppSec investments.
Not only does Cyber Chief give their developers detailed vulnerability patches with code snippets, but when they have other questions, Cyber Chief's "On-Demand Security Coaching" helps them get best-practice answers without having to waste days searching on Google.
While Wahed's dev team is not small, these changes have resulted in an estimated >250 hours of dev time being clawed back for building new features, which otherwise would have been wasted on "trial and error" security patching.
Arif Shanji, CTO of Wahed
Critical Insights: How Audacix Helped Shift Left With Their Application Security Program
Audacix provided Wahed with a 4-pronged security strategy to maximise their ROI for security investment:




Arif Shanji, CTO of Wahed
Work with an application security partner that understands how software is built & deployed, so that your releases aren't delayed & your OKRs are met.
How Audacix Rebooted Wahed’s Security Philosophy
With Cyber Chief's DevSecOps capability, Wahed's development team became more self-reliant in managing their application security. This strengthened their overall security posture without having to hire new, expensive security experts.
Naturally, management was thrilled at not having to shell out $280,000 in salaries for new security experts.
One of the noteworthy results was that Wahed no longer had to enquire or guess what needed to be done next. In essence, their application security had been put on autopilot.
But the capability that the Wahed team really appreciated was the "On-Demand Security Coaching" where Audacix’s security coaches helped the FinTech innovator’s development team fix security vulnerabilities in hours, instead of weeks.
Plus, Wahed’s fundraising efforts were boosted by their ability to include a Certificate of Application Security provided by Audacix as part of their investor pitches, because this proved that Wahed was a company where the security of funds, data and IP was the bedrock of everything they are building.
This reboot was made possible by Wahed buying into Audacix's MAP (Modern AppSec Paradigm) which helps them build a culture of security rather than wasting money on random, disconnected and irregular security efforts.
Audacix's Modern AppSec Paradigm (MAP)
✔ 1. Integrated: AppSec runs from CICD
✔ 2. Autonomous: Nobody needs to click a button
✔ 3. Support: for developers when they need it
✔ 4. Depth: periodic, enhanced manual pentests
✔ 5. Champions: that help propagate the culture
Want To Shift Left With AppSec & Use It To Spur Your Own Growth Story?
While these results are impressive...
...Wahed's application security success stems from a team of people who weren't afraid to accept new ideas, recognise past mistakes, and make necessary changes, even if it meant starting from square one.
Throughout the team, Wahed has adopted a growth mindset that allows them to build a culture of security and leverage it for even more growth.
⭐⭐⭐⭐⭐ What set Audacix apart was the constant engagement and on-demand coaching. We were able to find a trustworthy application security solution that exceeded our expectations.