I would rate Apiiro ten out of ten. There are certain features we're asking for That Apiiro is working with us on. Generally, these are not super major things. Apiiro is a mature solution. Apiiro has added a lot of work because there were many things we didn't know about that we had to address. So, theoretically, it has increased our workload because our entire AppSec program was virtually nonexistent for a while. We weren't doing anything, but after implementing Apiiro, there is a lot more work. Therefore, I wouldn't say that it has reduced our manual workload. We hired at least one person specifically to work with Apiiro. In that sense, it is additional work, but it is a good thing, and we somewhat anticipated it. In the past year, we have requested features from Apiiro. One of them has been a bit of a back-and-forth process, but we have met with both of their founders, who have taken the time to meet with us and discuss how we can achieve our goals, even if it means getting what we need from Apiiro in a different way than we originally intended. They have been very engaged with us, and we feel that they treat us like any other customer, even though we are smaller. No maintenance is required except for setting up our configurations. My advice is to use Apiiro strategically. This means that we should not simply bring Apiiro into our environment, take all of its findings at once, and expect the development teams to fix them all within a couple of months. Instead, use Apiiro as a supporting tool for our AppSec strategy. I have seen many organizations bring on Apiiro or similar tools and then simply take all of the findings, create tickets for them, and assign them to developers. However, I believe that we need to be more strategic in how we integrate Apiiro into our culture and workflows.
Tech Lead SecDev Apps at a financial services firm with 51-200 employees
Real User
Top 20
2023-09-29T18:08:00Z
Sep 29, 2023
I wasn't the one that implemented the solution. I inherited it. Our AppSec program is not yet mature in terms of people processes and tools. I'd rate the solution seven out of ten. There are other tools that do similar things to the solution and yet do a lot more than Apiiro. They are not as specialized in source code analysis, however. I'd advise potential users that the solution definitely requires attention. While there is automation, it's not a silver bullet. You have to make sure you have the people in place to automate things, work the alerts, and set everything up correctly.
SAST is a method designed to detect security vulnerabilities within an application's source code. By analyzing the code structure, SAST identifies potential flaws early in the development cycle, promoting secure coding practices and reducing the risk of security issues in production.
Unlike dynamic testing that examines an application during runtime, SAST operates on static code analysis. This early detection capability is crucial as it enables developers to address vulnerabilities before...
I would rate Apiiro ten out of ten. There are certain features we're asking for That Apiiro is working with us on. Generally, these are not super major things. Apiiro is a mature solution. Apiiro has added a lot of work because there were many things we didn't know about that we had to address. So, theoretically, it has increased our workload because our entire AppSec program was virtually nonexistent for a while. We weren't doing anything, but after implementing Apiiro, there is a lot more work. Therefore, I wouldn't say that it has reduced our manual workload. We hired at least one person specifically to work with Apiiro. In that sense, it is additional work, but it is a good thing, and we somewhat anticipated it. In the past year, we have requested features from Apiiro. One of them has been a bit of a back-and-forth process, but we have met with both of their founders, who have taken the time to meet with us and discuss how we can achieve our goals, even if it means getting what we need from Apiiro in a different way than we originally intended. They have been very engaged with us, and we feel that they treat us like any other customer, even though we are smaller. No maintenance is required except for setting up our configurations. My advice is to use Apiiro strategically. This means that we should not simply bring Apiiro into our environment, take all of its findings at once, and expect the development teams to fix them all within a couple of months. Instead, use Apiiro as a supporting tool for our AppSec strategy. I have seen many organizations bring on Apiiro or similar tools and then simply take all of the findings, create tickets for them, and assign them to developers. However, I believe that we need to be more strategic in how we integrate Apiiro into our culture and workflows.
I wasn't the one that implemented the solution. I inherited it. Our AppSec program is not yet mature in terms of people processes and tools. I'd rate the solution seven out of ten. There are other tools that do similar things to the solution and yet do a lot more than Apiiro. They are not as specialized in source code analysis, however. I'd advise potential users that the solution definitely requires attention. While there is automation, it's not a silver bullet. You have to make sure you have the people in place to automate things, work the alerts, and set everything up correctly.