Reinventing how people buy and sell homes—securely online

Download Case Study
Real Estate
North America
Greg Phillips
Chief Technology Officer Houwzer

As the Chief Technology Officer for Houwzer, Greg leads the development and deployment of Houwzer’s technology and data platforms, evangelizing data-driven decision making across the organization.

Executive Summary

Houwzer’s digital delivery system is built on a highly complex, monolithic API with extensive personalization and localization to support diverse customer needs across different real estate markets. The company lacked visibility into all the possible ways its API was being used or how it was behaving in the real world. This created security concerns, as Houwzer could not know where or how sensitive data was exchanged, or if bad actors could exploit vulnerabilities to gain unauthorized access to private information.

Houwzer prioritized adopting an API Security platform to address these concerns.

As the head of technology with some security background, I’m able to use Traceable AI to monitor and secure our environment without adding people. Traceable AI completely changed the way I thought about securing our APIs

Case Study Highlights


Houwzer is a socially responsible real estate and mortgage brokerage that prioritizes customer-centric services, cost savings for sellers, and community support.

  • Monolithic API complexity
  • Limited visibility into API activity
  • Limited insight on sensitive data exposure
  • Unknown API behaviors impact ability to detect vulnerabilities and prevent attacks
  • Secures 1300+ transactions/year
  • Identified 3 unknown vulnerabilities
  • Automatically blocks hundred of threats
The Challenge

Life at Houwzer Before Traceable

A complex, monolithic API needs to be simplified

Houwzer’s monolithic API is highly complex, with numerous endpoints and behavior variations based on transaction stage and location rules. Understanding its usage and behavior became a challenge for the team, leading to concerns about security risks and the need for comprehensive API visibility and control.

Traceable is exactly like the solution I was looking for.
Unknown attack surface means unknown risk posture

Houwzer’s AWS-deployed real estate applications and tools prioritize security, but their public-facing API required enhanced measures due to the potential impact of exposing personally identifiable information (PII). User role definitions and the risk of misdirected API requests further heightened concerns about unauthorized access and data breaches.

Phillips emphasizes the challenge of determining the appropriate API access for each user role, acknowledging the difficulty even for developers.

The Transformation

Life After Deploying Traceable

Houwzer deployed Traceable to gain observability and security of its monolithic API. The platform allows the company to see how customers are using its API at different points in a transaction and flags any suspicious behavior. Traceable AI also automatically identifies and blocks threats to the API in real-time and enables the company to uncover inappropriate information flow between different user roles across Houwzer’s services, such as buying, selling, mortgage, and title. Moreover, Houwzer uses Traceable AI to extend visibility of security concerns directly to its development team.

API observability improves Risk Posture Management

Traceable AI assists in evaluating the information visible to each user role within the API, prompting critical examination and potential adjustments. Collaborating with the development team, necessary modifications can be made to enhance API security for different user roles.

According to Phillips, Traceable AI increases security awareness among developers by providing direct visibility into API usage. This proactive approach fosters a mindset of prioritizing security throughout the development process, resulting in a higher-quality product.

Traceable allows us to know where sensitive information exists within our API and flags any activity that looks suspicious and could possibly expose that data.
Traceable replaces need for dedicated Security Personnel

With Traceable, the need for a dedicated security team is eliminated. Says Phillips “The security risk for our business is in our API and the various ways the endpoints can behave.”

Since implementing Traceable, Phillips’s team has discovered three additional vulnerabilities and promptly addressed them. Moreover, Traceable automatically detects and blocks numerous threats, sparing the team from manual log analysis and thwarting potential scans and hacks.

We went from blocking essentially zero threats to blocking hundreds per day with Traceable.
Scales security as the business expands

Houwzer is continually expanding into additional states and adding new capabilities to enhance the home buying and selling experience. As the business grows, its API will also need to scale and as it does, Phillips is confident he’ll be able to keep it secure with the help of Traceable.

Our whole strategy is to create a package of technology tools that we can scale to service customers – securely – across the U.S.
Traceable brings me peace of mind in the security of our digital services as we grow.