Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Cequence Security Enhances API Security Testing Capabilities
February 06, 2023
Cequence Security has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing.
This API Security Testing framework encourages shift-left efforts by giving security and development teams the tools to quickly uncover and remediate API vulnerabilities in pre-production environments that could otherwise lead to business disruption in production.
With API Security Testing, security and development teams can integrate continuous and automated testing of their pre-production APIs into their development and release cycle. For scenarios where no API specifications exist, security teams can leverage real-time API traffic analysis to baseline API specifications based on runtime traffic, eliminating the need to search for owners of legacy APIs or create specifications from scratch.
“Driven by the rapid rise in API exploits caused by coding errors, security and development teams are looking at ways to improve their API testing efforts without jeopardizing their continuous development release cycles,” said Varun Kohli, CMO at Cequence Security. “API Security Testing complements our runtime compliance capabilities that detect security risks such as business logic abuse and OWASP API Top 10 risks in production APIs. With API Security Testing, teams can apply the same compliance and security checks to their build processes to detect compliance issues earlier in the development cycle for pre-production APIs.”
Key capabilities of the new offering include:
- Continuous integration (CI)/Continuous development (CD) and Collaboration Tools Integration: Integrates with CI/CD tools like Gitlab, Azure DevOps, Jenkins and Bamboo, allowing developers to run tests against their pre-production APIs to detect and report security risks.
- Visualize Results and Remediate Test Failures: Security and development teams can visualize results and drill down into details to quickly understand the compliance issues identified in pre-production APIs. Summary reports allow results to be exported and shared with API owners and development teams for quick remediation and re-execution of tests.
- Comprehensive OWASP API Top 10 Risk Detection: Detects security risks including the OWASP API Top 10 and business logic risks, including introduction of shadow APIs and sensitive data exposure. Administrators can define customized sensitive data exposure and custom risk categories for different groups of APIs based on the vertical. For example, retail customers can create policies configured to look explicitly for credit card numbers, while automotive customers can monitor and prevent exposure of vehicle identification numbers.
API Security Testing is part of the Cequence Unified API Protection solution and leverages an open, extensible architecture to seamlessly integrate into existing API protection infrastructure.
Industry News
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
April 29, 2024
OpenText™ announced a solution to long-standing open source intake challenges, OpenText Debricked Open Source Select.
April 29, 2024
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.
April 29, 2024
Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat.”
April 25, 2024
JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
April 25, 2024
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.
