Extending our Lead in API Security – Augmenting our “Shift Left” Features

As the first company to deliver an API security platform, we here at Salt take enormous pride in our leadership position in this exploding market. We’ve built the best technology, earning the most customers, funding, and accolades along the way, and today we’re excited to share a few ways we’re extending our technical leadership.

Salt is uniquely focused on securing APIs across their full lifecycle – we believe organizations need to both “shift left” and “protect right,” as in RIGHT NOW. You need to get feedback to developers so they can write better APIs that let you stop playing “whack-a-mole,” fixing the same problem in runtime over and over. Keep the balance, though – you don’t want to over-rotate on shift left. We see CISOs looking to put in place protections that stop attackers right now, so no matter what happens in the DevOps processes, the data stays safe. As the CISO of Armis, Curtis Simpson, put it recently, “Improving dev practices is super valuable, but you can’t shift everything left at once. You’re changing the culture along with introducing a bunch of new technology into the pipeline. So with Salt, you get protected right now, and then you can focus on getting developers the remediation insights.”

We’re making those insights even stronger with our recent enhancements. We’ve always used the minor successes of hackers doing the probing to learn a company’s APIs as a source of insight into how our customers can harden their APIs – using attackers as pen testers, we call it. In the latest series of updates to the Salt SaaS platform, we’ve added:

  • API security posture insights – the Salt platform identifies potential data leaks or security misconfigurations regardless of whether any hacker has tried to exploit them.
  • OAS comparison and updates – the Salt platform compares your OAS documentation to the APIs and sensitive data we automatically discover, highlighting where reality diverges from developer documentation. We often find customers have 10 times the number of APIs they think they do, and documentation is always missing tons of parameters.
  • automated alerting and OAS documentation – we send real-time alerts whenever the APIs and exposed parameters that we discover are out of synch with your OAS documentation. You can also export the full set of APIs and their exposed data, which we’re constantly discovering and updating, as OAS files you know are accurate and up to date. Such documentation can be super helpful in simplifying compliance.

So check out what Salt can do to keep your data and services protected from API hackers, who’ve figured out it’s well worth their time and resources to go after your APIs! Get a personalized demo, or check out how other customers are tapping the power of the Salt C-3A Context-based API Analysis Architecture to keep their APIs safe.

*** This is a Security Bloggers Network syndicated blog from Salt Security blog authored by Michelle McLean. Read the original post at: