APIsec automates API penetration testing, providing continuous visibility and complete test coverage.
APIsec, the leading vendor of API security solutions, has unveiled its latest capability, Automated Penetration Testing. Manual penetration testing, typically carried out annually or quarterly, is no longer in-sync with modern application development practices. Not only are the tests too infrequent, but they often overlook the API layer, which now constitutes 90% of the attack surface for all web-enabled apps.
APIsec now offers a fully automated API security testing platform giving DevOps and Security teams continuous visibility and complete coverage for APIs. The platform automatically:
- Analyzes each application’s APIs and detects any changes and updates
- Creates thousands of customized attacks, testing security and business logic
- Provides complete test coverage, ensuring every endpoint is evaluated
- Finds security vulnerabilities and flaws in API logic before production
- Generates compliance-ready Pen-Test Reports
APIs have become a serious threat to organizations and a rich target for hackers. Although APIs are subject to many common security vulnerabilities, such as injection attacks and cross-site scripting, the most damaging vulnerabilities are logic flaws, or loopholes in the APIs that allow hackers to abuse APIs and gain unauthorized access. These logic flaws are difficult to uncover and the state of the art has been limited to manual testing. Meanwhile, Engineering teams have to keep up with rapid releases and deadlines, and businesses cannot wait for the next scheduled pen-test.
APIsec Automated Pen Testing operates at the speed of DevOps, eliminating the tradeoff between security and speed. Intesar Mohammed, Co-founder and CTO at APIsec, explains “APIs pose unique challenges for security testing as there are no UIs or structured workflows to test against. This makes the job of the pen-tester exceptionally difficult, requiring pen-testing experts to devote most of their time to reverse-engineering API calls and manually crafting hundreds of tests. We developed APIsec to automate API testing, provide complete coverage of every endpoint and attack vector, and enable continuous visibility. APIsec enables developers to be even more agile, knowing that every new line of code will be automatically tested again and again.”