Cequence Security API Security Testing framework encourages early discovery of vulnerabilities

SECURITY

Application programming interface security startup Cequence Security Inc. today announced enhanced testing capabilities within its Unified API Protection Platform.

The new API Security Testing framework encourages so-called “shift-left” efforts, giving security and development teams tools to uncover and remediate API vulnerabilities in preproduction environments that could otherwise lead to business disruption when they go into production.

Using the newly enhanced service, security and development teams can integrate continuous and automated testing of their pre-production APIs into their development and release cycle. Where no API specifications exist, security teams can leverage real-time API traffic analysis to baseline API specifications based on runtime traffic, removing the need to search for legacy APIs or create specifications from scratch.

Key capabilities of the new offering include continuous integration/continuous development and collaboration tools integration with support for Gitlab, Azure DevOps, Jenkins and Bamboo. The integration allows developers to run tests against their preproduction APIs to detect and report security risks.

The new offering allows users to visualize results and remediate test failures, drilling down into details to understand quickly the compliance issues identified in preproduction APIs. Summary reports allow results to be exported and shared with API owners and development teams for quick remediation and re-execution of tests.

On the security side, the new offering scans for OWASP API and business logic risks, including shadow APIs and sensitive data exposure. Users can define customized sensitive data exposure and custom risk categories for different groups of APIs based on the industry.

“Driven by the rapid rise in API exploits caused by coding errors, security and development teams are looking at ways to improve their API testing efforts without jeopardizing their continuous development release cycles,” Varun Kohli, chief marketing officer at Cequence Security, said in a statement. “API Security Testing complements our runtime compliance capabilities that detect security risks such as business logic abuse and OWASP API Top 10 risks in production APIs.”

Subbu Iyer, vice president of product management, and Ameya Talwalka, founder and chief executive officer of Cequence, spoke with theCUBE, SiliconANGLE Media’s livestreaming studio, in September on how APIs are becoming an irresistible target for attackers:

Image: Cequence Security