Case Study: Top Financial Firm achieves scalable application security and 100% PCI compliance with Black Duck

A Black Duck Case Study

Preview of the Top Financial Firm Case Study

How a Top Financial Firm Scaled Its Application Security Program and Accelerated Digital Transformation

This Fortune 500 financial corporation — one of the top 10 U.S. banks — was modernizing mobile and eBanking under time and budget pressure but needed to scale application security across hundreds of applications with only a handful of AppSec experts. Major challenges included automating AppSec for API-driven apps, meeting PCI and regulatory requirements during audits, and cutting the heavy overhead of triaging false positives from automated scanners that slowed development.

Black Duck deployed Continuous Dynamic DAST, Continuous Dynamic Auto API, manual business-logic assessments, and security testing services (including program managers and SMEs) to provide production-safe, 24/7 scanning with verified findings. The phased program enabled scalable, low false‑positive continuous scanning across hundreds of apps, faster remediation, developer education, measurable metrics, and boosted PCI compliance from 40% to 100% within six months — reducing costs and improving AppSec ROI.

