Data Theorem, Inc., a leading
provider of
modern application
security, today introduced a new SPA security service that delivers automated
discovery and continuous dynamic runtime vulnerability inspection of modern web
single-page applications (SPAs). Purpose-built for SPAs, the new service is
differentiated in its runtime security analysis that supports both GraphQL and
REST API services, the popular services for SPAs that dynamically deliver a
faster and richer web user experience.
With DevOps teams rapidly
building web SPAs, security and IT teams using traditional web app scanners
lack the ability to gather application insights and inspect for security
vulnerabilities on these new modern web apps. Now with this new offering from
Data Theorem, for the first time users can fully discover and inspect
vulnerabilities with dynamic runtime analysis for both GraphQL and REST API
services.
"SPA security is the new
frontier for modern web application security, and like mobile it is tightly
coupled to the explosion and growth of GraphQL and API backend services," said
Doug Cahill, senior analyst and group practice director of cybersecurity for
ESG. "To best protect these services from attack, organizations need a solution
that delivers both continuous security vulnerability inspection and runtime
analysis that supports both GraphQL and REST API services."
Businesses today delivering
modern web applications build SPAs to deliver a richer and faster user
experience that is similar to what they deliver with their mobile apps. Similar
to mobile app protection, traditional web app scanners lack the ability to add
security insights to SPAs because of the dynamic nature of the SPA JavaScript
architecture. In addition, GraphQL adds a new attack surface due to the
enhanced flexibility it provides, making it difficult to protect against
malicious queries. These attack queries could lead to denial of service
attacks, or unauthorized access to private data.
"Growth of SPA deployment and
usage increases every year because organizations want their web experience to
be as good as their mobile app experience," said Doug Dooley, Data Theorem COO.
"But security tools have not kept up with this modern software development
trend. With our first web app security offering launching today, Data Theorem
is leaping ahead of the competitive landscape to now serve users' complex
security needs beyond API and mobile. We were already leading in runtime
analysis for mobile apps, and now we offer similar depth of runtime analysis to
protect these popular SPAs."
Today's SPA security solution
is offered as a component of Data Theorem's API Discover and API Inspect, which
together address security concerns such as Shadow APIs, Serverless
Applications, and API Gateway cross-check validation by conducting continuous
security assessments on API authentication, authorization, encryption,
availability, serverless functions, and policy compliance. The API security
solutions support Amazon Web Services, Google Cloud, and Microsoft Azure to
discover modern APIs and to enumerate the specification using standards such as
Swagger and Open API 3.0.
Pricing and Availability
Available today from Data Theorem, annual list price starts at $9,900 per SPA
licensed as a component of API Discover and API Inspect.