Four times the tests, the same team.
Before
Thirty short-lived promotional sites a month. A small AppSec team. A legacy ASM tool that flooded them with noise.
After
Four times the tests with zero added headcount. Noise cut by 95%. One inventory of every brand surface, always current.
Where they started
The brand runs roughly thirty promotional microsites every month — campaign landing pages, regional launches, sweepstakes flows. Each lives one to two months and dies. The AppSec team has to test every one before it goes live, and the ones still up need monitoring while they exist.
Their legacy ASM tool wasn't built for that shape of work. It treated every fresh subdomain as a permanent asset and surfaced thousands of stale findings against sites that had already been retired.
What changed
They built a DAST workflow in Trickest that takes a new domain, fingerprints the stack, runs the right scanner profile for what it finds, and lands the results in a typed table. Per-target RPS throttling keeps the scans from knocking over fragile promo infrastructure.
Custom modules handle the campaign-specific cases — auth flows, single-page apps, third-party widgets — without forking the core workflow.
What it shipped
Testing throughput moved from roughly eight tests a month to roughly thirty — four times the volume with the same team. The noise floor dropped 95% because workflows tag findings by campaign and decommission them when the site retires.
One unified inventory shows every active brand surface and what's running against it. The AppSec lead stopped chasing what's still in scope.
By the numbers.
8 → 30
tests per month
4×
testing throughput
95%
noise reduction
0
added headcount
1–2 mo
average site lifespan
30+
promo sites covered