Industry

Fintech

Company Size

# of Developers: ???
# of Security Personnel: ???

CI/CD Technologies

SCM: BitBucket, Github
CI: Jenkins
Cloud: AWS

The Challenge

  • A leading fintech-as-a-service platform founded in 2016, with a global payment network operating in more than 100 countries, Rapyd has experienced massive growth across all business units since 2020, including an increase of over 100 percent in the size of the engineering organization.
  • Within this 2-year period, while supporting hyper growth and increased development velocity, Rapyd’s AppSec group was also required to facilitate the absorption of two major acquisitions made by the company. This included securely merging codebases and CI/CD processes into the company’s existing stack and expanding the scope of security governance over engineering to cover these acquisitions.
  • An avid adopter of innovative security technologies, Rapyd was seeking a solution that would provide full, continuous visibility over its rapidly growing engineering ecosystem while accelerating the journey towards optimizing its CI/CD security posture.

The Solution

  • Rapyd made use of Cider’s “InCider” module to map the technical characteristics of the company’s acquisitions, quickly and effectively identifying all technologies in use and obtaining a full mapping of the newly added elements to their attack surface. Rapyd continues to use Cider’s visibility capabilities on an ongoing basis to achieve a continuous, comprehensive mapping of the “Technical DNA” of their engineering ecosystem.
  • With Jenkins security a primary area of focus, Rapyd leveraged Cider capabilities to gain control over the organization’s build and deployment processes, while also using the Cider scanner marketplace to run multiple open source SAST scanners against their entire codebase.
  • Sharing Cider’s vision of a unified platform to address all AppSec-related challenges, Rapyd was one of Cider’s earliest adopters, working closely with both the product and Cider’s research group to analyze Rapyd’s environment and assess its posture against the Top 10 CI/CD Security Risks.
Cider Security has been acquired by Palo Alto Networks