DEVOPSdigest

Cequence Security announced new updates to the Unified API Protection (UAP) platform that strengthen customers’ ability to discover, manage risk and protect APIs.

With the latest capabilities, organizations can rapidly deploy API Security Testing with built-in generative AI automation, protect users from online fraud and operationalize security findings with low-code/no-code workflows.

“We are always exploring ways to further automate and improve our UAP solution and help our customers consolidate the tools required to stay ahead of the threat actors,” said Ameya Talwalkar, founder and CEO. “The updates to our platform continue to set us apart from other point solution vendors in the API security space as we are providing our customers with the only integrated best-of-suite approach to discover, comply, test and protect their APIs.”

Cequence has added several new capabilities to API Security Testing, including Test Plan generation using a new feature called Intelligent Mode that helps automate the generation of API Security Test Plans using plain English, extending the low-code/no-code approach to test case generation. Cequence UAP’s Intelligent Mode automatically associates the appropriate APIs with the right test cases, given the functionality of that API. This not only drastically reduces the time needed to create a test plan to minutes, as compared to months with other solutions, it also ensures consistent experience across a customer’s entire applications and environments.

Several other enhancements include detailed insights and remediation workflows into test failures. The test catalog now has test cases for the latest OWASP API Top 10 2023. Cequence also empowers InfoSec teams to run API tests outside of CI/CD pipelines, and instead, point attack test suites directly against staging or even production servers.

To enable organizations to protect their APIs from online fraud, Cequence has introduced the Fraud Prevention module in API Spartan. The new module enables organizations to protect their end-customers from online fraud and instantly take action, including blocking transactions and generating enterprise-grade notifications to relevant teams.

Protecting applications and users against online fraud complements the existing capabilities of Cequence to detect and block business logic abuse, account takeover (ATO) attempts, common OWASP API Top 10 security risks and automated malicious traffic.

Cequence has introduced out-of-the-box integrations with over 300 third-party apps, including ServiceNow, PagerDuty, JIRA and Slack. Using off-the-shelf connections to these apps, security analysts can ensure security risks or threats are routed promptly to their business teams for remediation.

Security analysts can use a low-code/no-code approach within Cequence to implement the equivalent of an API Security Orchestration and Response (SOAR) workflow, wiring together multiple third-party connections to achieve their desired outcomes. Using this approach, analysts can operationalize workflows that promptly remediate critical API security risks, such as the discovery of shadow APIs that have access to sensitive data and new security risks of weak authentication or non-conformance to OpenAPI specifications in newly built pre-production CI/CD pipelines.

New enhancements to API Spyder enable customers to easily identify APIs that are externally accessible, but not entirely protected by Cloud Security Posture Management (CSPM) infrastructure. Additionally, this approach offers a seamless complement to API Sentinel’s deep insights into runtime API inventory and compliance checking using the OWASP API Security Top 10 and other custom risk categories.

With the latest Unified API Protection platform updates, organizations can now protect their users from online fraud, operationalize security findings with low-code/no-code API SOAR-like workflows and rapidly deploy API Security Testing with built-in Generative AI automation. With UAP, customers can discover with API Spyder, comply with API Sentinel and protect with API Spartan.