Synack has launched an API pen testing capability, which is supported by its global community of elite security researchers. Organizations can now rely on the Synack platform to provide continuous pen-testing coverage across “headless” API endpoints, which lack a user interface and are therefore increasingly vulnerable to attackers.
Peter Blanks, Chief Product Officer at Synack, stated, “Many organizations are struggling to find the top-tier cyber talent needed to root out API-specific vulnerabilities. We’re excited to extend our Synack platform to provide human-powered offensive security testing on APIs.”
Synack’s headless API capability is based on years of API pentesting experience with web and mobile applications. Customers can now enter API documentation to guide testing scope and coverage using the new platform features. The Synack Red Team then attempts to exploit API endpoints in the manner of a real external adversary.
For API engagements, only Synack Red Team members with proven API testing skills are activated, reducing noise. In 2022, Synack’s Special Projects division successfully conducted over 100 pentests against headless APIs, providing customers with critical proof-of-coverage reports while validating researchers’ API expertise.
Mark Kuhr, CTO and co-founder at Synack and a former National Security Agency cybersecurity expert, commented, “Synack’s human-led, adversarial approach is ideal for testing APIs that form the backbone of society’s digital transformation. We are thrilled to offer customers a unique, scalable way to secure this growing area of their attack surfaces.”
Vulnerability submissions and testing reports are routed through Synack’s Vulnerability Operations team for thorough vetting before being displayed in the platform, minimizing false positives and ensuring high-quality results.