DEVOPSdigest

Cequence Security has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing.

This API Security Testing framework encourages shift-left efforts by giving security and development teams the tools to quickly uncover and remediate API vulnerabilities in pre-production environments that could otherwise lead to business disruption in production.

With API Security Testing, security and development teams can integrate continuous and automated testing of their pre-production APIs into their development and release cycle. For scenarios where no API specifications exist, security teams can leverage real-time API traffic analysis to baseline API specifications based on runtime traffic, eliminating the need to search for owners of legacy APIs or create specifications from scratch.

“Driven by the rapid rise in API exploits caused by coding errors, security and development teams are looking at ways to improve their API testing efforts without jeopardizing their continuous development release cycles,” said Varun Kohli, CMO at Cequence Security. “API Security Testing complements our runtime compliance capabilities that detect security risks such as business logic abuse and OWASP API Top 10 risks in production APIs. With API Security Testing, teams can apply the same compliance and security checks to their build processes to detect compliance issues earlier in the development cycle for pre-production APIs.”

Key capabilities of the new offering include:

- Continuous integration (CI)/Continuous development (CD) and Collaboration Tools Integration: Integrates with CI/CD tools like Gitlab, Azure DevOps, Jenkins and Bamboo, allowing developers to run tests against their pre-production APIs to detect and report security risks.

- Visualize Results and Remediate Test Failures: Security and development teams can visualize results and drill down into details to quickly understand the compliance issues identified in pre-production APIs. Summary reports allow results to be exported and shared with API owners and development teams for quick remediation and re-execution of tests.

- Comprehensive OWASP API Top 10 Risk Detection: Detects security risks including the OWASP API Top 10 and business logic risks, including introduction of shadow APIs and sensitive data exposure. Administrators can define customized sensitive data exposure and custom risk categories for different groups of APIs based on the vertical. For example, retail customers can create policies configured to look explicitly for credit card numbers, while automotive customers can monitor and prevent exposure of vehicle identification numbers.

API Security Testing is part of the Cequence Unified API Protection solution and leverages an open, extensible architecture to seamlessly integrate into existing API protection infrastructure.