Cequence Security has expanded the testing capabilities of its Unified API Protection Platform with the addition of API Security Testing. This API Security Testing framework encourages shift-left efforts by providing security and development teams with the tools they need to quickly uncover and remediate API vulnerabilities in pre-production environments that could otherwise cause business disruption in production.
Varun Kohli, CMO at Cequence Security, stated, “Driven by the rapid rise in API exploits caused by coding errors, security and development teams are looking at ways to improve their API testing efforts without jeopardising their continuous development release cycles.
API Security Testing complements our runtime compliance capabilities that detect security risks such as business logic abuse and OWASP API Top 10 risks in production APIs. With API Security Testing, teams can apply the same compliance and security checks to their build processes to detect compliance issues earlier in the development cycle for pre-production APIs.”
API Security Testing enables security and development teams to incorporate continuous and automated testing of pre-production APIs into the development and release cycle. In scenarios where no API specifications exist, security teams can use real-time API traffic analysis to create baseline API specifications based on runtime traffic, eliminating the need to track down legacy API owners or create specifications from scratch.
The following are some of the new offering’s key capabilities:
CI/CD and collaboration tool integration: Integrates with CI/CD tools such as GitLab, Azure DevOps, Jenkins, and Bamboo, allowing developers to run security tests against pre-production APIs to detect and report security risks.
Visualize results and fix test failures: Security and development teams can visualize results and drill down into details to better understand compliance issues in pre-production APIs. Summary reports enable results to be exported and shared with API owners and development teams for rapid test remediation and re-execution.
Comprehensive OWASP API Top 10 risk detection: Detects security risks such as the OWASP API Top 10 as well as business logic risks such as the introduction of shadow APIs and the exposure of sensitive data. Administrators can customize sensitive data exposure and risk categories for different groups of APIs based on industry vertical. Retail customers, for example, can create policies that explicitly look for credit card numbers, whereas automotive customers can monitor and prevent the exposure of vehicle identification numbers.