Cequence Security announced it has enhanced
the testing capabilities within its Unified API Protection Platform with the
availability of API Security Testing. This API Security Testing framework
encourages shift-left efforts by giving security and development teams the
tools to quickly uncover and remediate API vulnerabilities in pre-production
environments that could otherwise lead to business disruption in production.

With API Security Testing, security and development teams can integrate continuous
and automated testing of their pre-production APIs into their development and
release cycle. For scenarios where no API specifications exist, security teams
can leverage real-time API traffic analysis to baseline API specifications
based on runtime traffic, eliminating the need to search for owners of legacy
APIs or create specifications from scratch.

"Driven by the rapid rise in API exploits caused by coding errors, security and
development teams are looking at ways to improve their API testing efforts
without jeopardizing their continuous development release cycles," said Varun
Kohli, Chief Marketing Officer at Cequence Security. "API Security Testing
complements our runtime compliance capabilities that detect security risks such
as business logic abuse and OWASP API Top 10 risks in production APIs. With API
Security Testing, teams can apply the same compliance and security checks to
their build processes to detect compliance issues earlier in the development
cycle for pre-production APIs."

Key capabilities of the new offering include:

- Continuous integration (CI)/Continuous development (CD) and Collaboration Tools
Integration: Integrates with CI/CD tools like GitLab, Azure DevOps,
Jenkins and Bamboo, allowing developers to run tests against their
pre-production APIs to detect and report security risks.
- Visualize Results and Remediate Test Failures: Security and development
teams can visualize results and drill down into details to quickly understand
the compliance issues identified in pre-production APIs. Summary reports allow
results to be exported and shared with API owners and development teams for
quick remediation and re-execution of tests.
- Comprehensive OWASP API Top 10 Risk Detection: Detects security risks including the OWASP
API Top 10 and business logic risks, such as the introduction of shadow APIs and
sensitive data exposure. Administrators can define customized sensitive data
exposure and custom risk categories for different groups of APIs based on the
vertical. For example, retail customers can create policies configured to look
explicitly for credit card numbers, while automotive customers can monitor and
prevent exposure of vehicle identification numbers.

API Security Testing is part of the Cequence Unified API Protection solution and
leverages an open, extensible architecture to seamlessly integrate into
existing API protection infrastructure.