
Case study: How Escape helps the French Football Federation secure the development of its online services

The French Football Federation (FFF) is the governing body of football in France and oversees all aspects of the sport from amateur to professional leagues. To fulfil its mission of promoting and developing football, the FFF relies on robust digital platforms and APIs to manage a wide range of data and interactions.

Use cases

The problem

  • Identification and documentation of all APIs: The FFF's information system uses a large number of APIs developed by different teams. Each team has its own API repository, with limited centralized visibility. This decentralized approach made it difficult to keep an up-to-date inventory and comply with IT standards. The FFF was looking for a solution that could automatically discover, catalog and document each API to ensure that no API was overlooked or left undocumented.
  • Raising awareness among development teams: Raising awareness among teams about implementing best practices and security requirements when developing APIs was critical.

The main topics included:

1. There is no central visibility of all APIs.
2. It is difficult to convince development teams of the seriousness of the problems that can arise when developing APIs.
3. An external tool was needed to comprehensively control all APIs.

The solution

“The priority was to have this complete vision and then to be able to carry out an analysis that is precise and valuable. This is also what the product offers.” – Claude-Alain Sabatier,

After FFF began using Escape, they saw immediate improvements in the management and security of their APIs:

  • Continuous detection and monitoring: Escape's continuous discovery feature enabled the FFF to maintain a comprehensive and up-to-date inventory
Example of an inventory from Escape
  • Actionable insights to fix: Escape provides developers with detailed documentation and actionable information to maintain and improve security, making it easier to implement fixes for the framework and language in use.
Example of a code addition to fix

“The value of this tool is not only that it identifies vulnerabilities, but also that it explains in a documented way and indicates what needs to be done to fix the identified deficiencies.” – Claude-Alain Sabatier, Director of IT Governance and Security.

How Escape stood out for the FFF

According to Claude-Alain Sabatier, Escape stood out for three main reasons:

  1. Full API visibility: Escape's powerful detection tools enable accurate and comprehensive inventory.
  2. Detailed safety information: The in-depth analysis and proposed remediation actions ensure that all APIs comply with strict regulations.
  3. Seamless integration: Escape's easy integration into existing CI/CD pipelines enabled continuous security controls without disrupting deployment processes.

Escape is also always there for the FFF and helps with daily tasks and solving any technical problems that may arise.

The impact

“Escape has not only improved our API visibility, but also the way our development teams approach security early in projects.” – Claude-Alain Sabatier, Director of IT Governance and Security.

The introduction of Escape led to a significant improvement in the management and security of the APIs at FFF:

  • Improved visibility: The FFF now has access to a complete and accurate view of its API landscape, which is critical for efficient management and security.
  • Efficient security practices: Escape's actionable intelligence and detailed remediation steps make it easy to comply with strict regulations.

Future plans

The FFF wants to expand the use of Escape to cover internal APIs to provide more comprehensive security. It also wants to use Escape features to better meet industry standards.



***This is a Security Bloggers Network syndicated blog from Escape – The API Security Blog, written by Alexandra Charikova. Read the original post at: