Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Salt Security Releases Latest Update to API Protection Platform

May 2021 by Marc Jacob

Salt Security announced that it has updated its next-generation Salt Security API Protection Platform with additional “shift left” security capabilities including API security posture insights and automated OpenAPI Specification (OAS) analysis and reporting. These latest capabilities enable Salt Security users to harden the full application lifecycle — build, deploy and runtime – identify risks and vulnerabilities in APIs before they are exploited, and make it easier to report on OAS standards to improve their API security posture.

The new capabilities in the Salt platform enable companies to identify these vulnerabilities before they can be exploited. Because Salt provides both runtime protection and developer insights, companies can ensure their vital data and services are immediately protected against attacks while they work with developers to harden their APIs.

“From a security standpoint, today’s application dependence on APIs changes the source of risk – it’s not just the front end under siege from traditional attacks and recon activities that map out backend processes,” said Mike Rothman, president of security analysis and consulting firm Securosis. “APIs have quickly emerged as the most attractive and least protected target within today’s new applications, since they have access to critical data and services.”

New features in the Salt Security API Protection Platform include:

• Posture insights – enabling companies to identify risk and vulnerabilities in their APIs before they can be exploited. The Salt platform highlights actionable insights on exploitable vulnerabilities such as potential data leaks and security misconfigurations, before any actual attack has occurred. These insights help customers continuously improve their security posture and reduce their attack surface.

• OAS accuracy – ensuring accurate documentation to enhance organizational efficiency and simplify compliance. The Salt platform provides a dynamic comparison between OAS documentation and the APIs and sensitive data the Salt platform discovers. On average, customer evaluations reveal 40% to 800% more APIs in use than companies have in their documentation and 10x to 20x the number of parameters.

• Automated alerting and documentation – providing real-time feedback on non-compliant APIs and generating OAS documentation. Salt sends real-time alerts whenever the APIs and exposed parameters it discovers do not match OAS documentation. Organizations can export the full discovery of APIs and exposed data as updated and accurate OAS files, ensuring documentation is complete before APIs are published and simplifying compliance.

The Salt platform has long used attacker behavior to identify security gaps in APIs – effectively using attackers as pen testers, with their small successes, before the Salt platform shuts down the attacker, highlighting areas where APIs can be improved. These new capabilities identify such security gaps well before they can be even partially exploited. Salt integrates with DevOps tools such as Jira and Slack to efficiently route remediation details to the right development team and can help track tickets to ensure remediation fixes are implemented. Salt taps the vulnerability learnings from its customer environments to enhance its ML and AI models, improving remediation insights for all its customers.

According to the Salt Security State of API Security Report, Q1 2021, API security concerns are significantly inhibiting business innovation. Identifying vulnerabilities in APIs early in their lifecycle is crucial to protecting companies’ vital assets so they can focus on business operations instead of risk. Because APIs are unique to each business, every API vulnerability is a zero-day vulnerability.

See previous articles


See next articles