DEVOPSdigest

APIsec has unveiled its latest capability, Automated Penetration Testing.

APIsec now offers a fully automated API security testing platform giving DevOps and Security teams continuous visibility and complete coverage for APIs.

The platform automatically:

- Analyzes each application's APIs and detects any changes and updates

- Creates thousands of customized attacks, testing security and business logic

- Provides complete test coverage, ensuring every endpoint is evaluated

- Finds security vulnerabilities and flaws in API logic before production

- Generates compliance-ready Pen-Test Reports

APIsec Automated Pen Testing operates at the speed of DevOps, eliminating the tradeoff between security and speed.

Intesar Mohammed, Co-founder and CTO at APIsec, explains "APIs pose unique challenges for security testing as there are no UIs or structured workflows to test against. This makes the job of the pen-tester exceptionally difficult, requiring pen-testing experts to devote most of their time to reverse-engineering API calls and manually crafting hundreds of tests. We developed APIsec to automate API testing, provide complete coverage of every endpoint and attack vector, and enable continuous visibility. APIsec enables developers to be even more agile, knowing that every new line of code will be automatically tested again and again."

As APIsec uncovers vulnerabilities, the platform delivers a detailed description of the test and provides a replay of the successful attack, along with remediation recommendations. Engineers never have to waste time investigating or reproducing issues and can focus on fixing underlying problems.