Monday.com was facing challenges scaling its AppSec practices due to the use of old-school AST tools, lack of automation, inefficient risk prioritization, and undetected vulnerabilities such as “ghost packages.” Backslash App Graph technology transformed monday.com’s security program with full repository coverage, automated new repo detection, smarter upgrade decisions via the “Patch Upgrade Simulator,” and the identification of ghost packages. Policies were seamlessly pushed from the AppSec team to the engineering CI/CD process, integrating directly into monday.com’s security ticketing system. This shift enabled a mindset change from managing a multitude of “raw findings” to focusing on risk reduction with evidence-backed insights, making security an integral and scalable part of monday.com’s development lifecycle.
Before adopting Backslash, monday.com struggled to scale its AppSec practices with its rapidly growing engineering team of more than 500 developers. Traditional scanning tools generated excessive noise, making it difficult to focus on actionable risks and creating inefficiencies for both security and development teams. The company lacked automation for identifying and managing new repositories, making comprehensive security coverage challenging. Risk prioritization was unclear without evidence of exploitability, causing friction between teams. Additionally, manual processes for managing open-source package updates and undetected “ghost packages” left vulnerabilities unaddressed, hindering the team’s ability to build an effective and scalable AppSec program.
Backslash App Graph is a revolutionary technology that generates a digital twin of the application rather than scanning code line-by-line. This graph-based approach enables comprehensive visibility into the application’s structure, connections, and data flow, facilitating a new age of security analysis. By identifying vulnerabilities through concepts like “reachability” and “triggerability,” the App Graph prioritizes real risks while eliminating noise, allowing teams to focus on actionable issues. Enriched with expert knowledge, business process impact, and LLM-driven insights, the App Graph transforms application security from reactive scanning to proactive, scalable risk management, making it an unparalleled tool for modern AppSec programs.
With Backslash providing full coverage of its code repositories, monday.com was able to: