Intruder has announced the
launch of its cutting-edge API scanning abilities. The update to its
cloud-based vulnerability management service allows organisations of all
sizes to secure their APIs by automatically detecting vulnerabilities,
gaps, security weaknesses, and misconfigurations that hackers can
exploit.
As more organisations build APIs to facilitate
automation, attack surfaces are expanding, making it crucial for
organisations to include them under their security operations.
Intruder's latest capability automatically scans every API, providing
organisations with detailed insights that they can use to proactively
reduce exposure - whether it's a vulnerability in the web server they're
using or an SQL injection in the parameters of one of the pages they've
built themselves.
"I'm excited that we can now offer such an easy
to use and accurate API scanning capability at a time when it is
desperately needed," said Chris Wallis, CEO of Intruder. "In light of
recent high profile API breaches such as Optus and T-Mobile, this
feature will give companies full understanding and control over their
API security and allow them to implement a more complete exposure
management strategy."
Intruder's API scanning feature has a focus
on ease of use. Instead of scanning infrastructure and APIs separately
and attempting to correctly manage several configuration options,
Intruder's inbuilt API scanning capabilities mean customers simply need
to add a target and upload the API schema. They will then receive
comprehensive data about the asset, providing clear and actionable
insights for any vulnerabilities detected.
"API security is
notoriously difficult to conceptualise, and the number of APIs exposed
to the internet is increasing year-on-year - driven in-part by the
demand for greater automation. This is expanding the attack surface that
opportunistic hackers can attempt to exploit and then gain access,"
said Andy Hornegold, Product Lead at Intruder. "Intruder simplifies the
process of API security from initial setup to continuous monitoring -
our customers love the fact that they can ‘set and forget.'
Simultaneously, Intruder's API scanning is tailored to the APIs of each
company, addressing their individual needs. In short, it enables
effective API security through informed scanning, saving companies both
time and resources."