The French Football Federation (FFF) is the governing body of football in France, overseeing all aspects of the sport from amateur levels to professional leagues. To fulfill its mission of promoting and developing football, the FFF relies on robust digital platforms and APIs to manage a wide range of data and interactions.

Use Cases

• Continuous API Discovery
• Collection of exploitable information for an efficient remediation

The problem

• Identifying and documenting all the APIs: FFF's information system uses a large number of APIs developed by different teams. Each team has its own API repository with a limited central overview. This decentralized approach made it difficult to have an up-to-date inventory and to comply with the IT standards. The FFF was looking for a solution able to automatically discover, catalogue, and document every API to ensure that no API was overlooked or undocumented.
• Raising awareness in development teams: it was crucial to raise awareness among teams about implementing best practices and security requirements when developing APIs.

The Solution

“The priority was to have this complete vision and then be able to carry out an analysis that was precise and added value. This is also what the product provides.” – Claude-Alain Sabatier,

After starting to use Escape, the FFF observed immediate improvements in the management and security of their APIs:

• Continuous discovery and surveillance: the continuous discovery function of Escape allowed the FFF to maintain an exhaustive and up-to-date inventory

• Actionable insights for remediation: Escape gives detailed documentation and directly usable information for developers to maintain and improve security, making it easier to implement fixes for the framework and language used.

“What is valuable about the tool is not only that it highlights vulnerabilities, it also explains and indicates in a documented manner what needs to be done to remedy the defects that have been detected." – Claude-Alain Sabatier, Director of IT Governance and Security.

How Escape stood out for the FFF

According to Claude-Alain Sabatier, Escape stood out for three main reasons :

1. Complete API visibility: Escape's strong discovery tools provide a precise and exhaustive inventory.
2. Detailed security information: The in-depth analysis and suggested remediations guarantee that all APIs comply with strict regulations.
3. Seamless Integration: Escape's easy integration in the existing CI/CD pipelines allowed continuous security controls without disturbing deployment processes.

Escape is also always there for the FFF, helping with daily tasks and fixing technical issues that may arise.

The Impact

“Escape has not only improved our API visibility, but also improved the way our development teams approach security early in projects.” – Claude-Alain Sabatier, Director of IT Governance and Security.

The introduction of Escape led to a significant improvement in the management and security of APIs at the FFF:

• Improved Visibility: The FFF now has access to a complete and precise view of its API landscape, which is essential for efficient management and security.
• Efficient security practices: The exploitable information and detailed remediation steps given by Escape simplify the process of compliance with strict regulations.

Future plans

The FFF is looking to expand Escape's usage to also cover internal API, assuring more in-depth security. They are also aiming to leverage Escape features to better comply with industry standards.

---

Discover other application security case studies:

• Case Study: How Lightspeed ensures full security compliance with Escape
• Case Study: How Escape enhanced Shine's application security

*** This is a Security Bloggers Network syndicated blog from Escape - The API Security Blog authored by Alexandra Charikova. Read the original post at: https://escape.tech/blog/case-study-how-escape-helps-the-french-football-federation/