New tool helps enterprises find and fix API vulnerabilities
As digital transformation projects roll out, APIs are more critical than ever to build modern applications. But as we reported last week they also create security headaches.
Security testing specialist Veracode is addressing this with the launch of a new scanning tool that enables organizations to find and fix vulnerabilities in APIs.
"The explosion of APIs means that application development is becoming more fragmented and decentralized in nature, so the attack surface is growing exponentially," says Brian Roche, chief product officer at Veracode. "As such, API scanning has become the most-requested feature by our customers as they look for a solution that saves time, frees up resources, and provides peace of mind."
API Scanning uses Veracode's powerful Dynamic Analysis (DAST) scanning engine to provide security insights and remediation guidance for APIs as early and efficiently as possible. Security and vulnerability managers can analyze their APIs as soon as they are available in a network accessible runtime environment, and before they get incorporated into bigger applications.
API scan results are grouped by severity and provide detailed remediation guidance within a single dashboard alongside other DAST scans. This makes it easier for security teams to prioritize vulnerabilities and access the details required for developers to fix insecure code quickly, facilitating smooth collaboration between security and development teams.
Roche adds, "Strong API security is fast becoming one of the top concerns for enterprises and a table stakes capability for CISOs. In a world where every relationship should start with zero trust, regular API scanning must be a cornerstone of any robust software security strategy."
You can find out more on then Veracode site.