APIsec Launches Automated Penetration Testing to Secure APIs

SAN FRANCISCO, May 19, 2021 /PRNewswire/ — APIsec, the leading vendor of API security solutions, has unveiled its latest capability, Automated Penetration Testing. Manual penetration testing, typically carried out annually or quarterly, is no longer in sync with modern application development practices. Not only are the tests too infrequent, but they often overlook the API layer, which now constitutes 90% of the attack surface for all web-enabled apps.

APIsec now offers a fully automated API security testing platform giving DevOps and Security teams continuous visibility and complete coverage for APIs. The platform automatically:

  • Analyzes each application’s APIs and detects any changes and updates
  • Creates thousands of customized attacks, testing security and business logic
  • Provides complete test coverage, ensuring every endpoint is evaluated
  • Finds security vulnerabilities and flaws in API logic before production
  • Generates compliance-ready Pen-Test Reports

APIs have become a serious threat to organizations and a rich target for hackers. Although APIs are subject to many common security vulnerabilities, such as injection attacks and cross-site scripting, the most damaging vulnerabilities are logic flaws, or loopholes in the APIs that allow hackers to abuse APIs and gain unauthorized access. These logic flaws are difficult to uncover and the state of the art has been limited to manual testing. Meanwhile, Engineering teams have to keep up with rapid releases and deadlines, and businesses cannot wait for the next scheduled pen-test.

APIsec Automated Pen Testing operates at the speed of DevOps, eliminating the tradeoff between security and speed. Intesar Mohammed, Co-founder and CTO at APIsec, explains, “APIs pose unique challenges for security testing as there are no UIs or structured workflows to test against. This makes the job of the pen-tester exceptionally difficult, requiring pen-testing experts to devote most of their time to reverse-engineering API calls and manually crafting hundreds of tests. We developed APIsec to automate API testing, provide complete coverage of every endpoint and attack vector, and enable continuous visibility. APIsec enables developers to be even more agile, knowing that every new line of code will be automatically tested again and again.”

As APIsec uncovers vulnerabilities, the platform delivers a detailed description of the test and provides a replay of the successful attack, along with remediation recommendations. Engineers never have to waste time investigating or reproducing issues and can focus on fixing underlying problems.

To learn more about securing APIs, download the APIsec whitepaper: Best Practices for API Security – available here: https://www.apisec.ai/white-paper/api-security-best-practices.

About APIsec
APIsec provides the industry’s only automated and continuous API testing that uncovers security vulnerabilities and logic flaws in APIs before reaching production. The APIsec platform automatically creates customized security tests, providing complete coverage of the entire API and addressing the entire OWASP API Top 10 and more. Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities. Learn more at www.apisec.ai, and register for a free API assessment.

Dan Barahona


