Salt Security API Protection Platform Updated
May 12, 2021

Salt Security updated its next-generation Salt Security API Protection Platform with additional "shift left" security capabilities including API security posture insights and automated OpenAPI Specification (OAS) analysis and reporting.

These latest capabilities enable Salt Security users to harden the full application lifecycle — build, deploy and runtime – identify risks and vulnerabilities in APIs before they are exploited, and make it easier to report on OAS standards to improve their API security posture.

The new capabilities in the Salt platform enable companies to identify these vulnerabilities before they can be exploited. Because Salt provides both runtime protection and developer insights, companies can ensure their vital data and services are immediately protected against attacks while they work with developers to harden their APIs.

New features in the Salt Security API Protection Platform include:

- Posture insights – enabling companies to identify risk and vulnerabilities in their APIs before they can be exploited. The Salt platform highlights actionable insights on exploitable vulnerabilities such as potential data leaks and security misconfigurations, before any actual attack has occurred. These insights help customers continuously improve their security posture and reduce their attack surface.

- OAS accuracy – ensuring accurate documentation to enhance organizational efficiency and simplify compliance. The Salt platform provides a dynamic comparison between OAS documentation and the APIs and sensitive data the Salt platform discovers. On average, customer evaluations reveal 40% to 800% more APIs in use than companies have in their documentation and 10x to 20x the number of parameters.

- Automated alerting and documentation – providing real-time feedback on non-compliant APIs and generating OAS documentation. Salt sends real-time alerts whenever the APIs and exposed parameters it discovers do not match OAS documentation. Organizations can export the full discovery of APIs and exposed data as updated and accurate OAS files, ensuring documentation is complete before APIs are published and simplifying compliance.

The Salt platform has long used attacker behavior to identify security gaps in APIs – effectively using attackers as pen testers, with their small successes, before the Salt platform shuts down the attacker, highlighting areas where APIs can be improved. These new capabilities identify such security gaps well before they can be even partially exploited. Salt integrates with DevOps tools such as Jira and Slack to efficiently route remediation details to the right development team and can help track tickets to ensure remediation fixes are implemented. Salt taps the vulnerability learnings from its customer environments to enhance its ML and AI models, improving remediation insights for all its customers.

Identifying vulnerabilities in APIs early in their lifecycle is crucial to protecting companies' vital assets so they can focus on business operations instead of risk. Because APIs are unique to each business, every API vulnerability is a zero-day vulnerability.

"The misconception persists that WAFs and API Gateways are sufficient for protecting APIs against vulnerabilities and attacks and that developer documentation provides all the information an organization needs about its APIs," said Roey Eliyahu, Co-Founder and CEO, Salt Security. "But API attacks easily elude WAFs and gateways, which can protect against only known attacks, and today's application environments are too complex and too dynamic for manual documentation to keep up. APIs are among the most vulnerable parts of the modern application stack. Salt Security's latest capabilities make security more effective across the full application lifecycle...identifying the zero-day vulnerabilities and protecting them from attacks in runtime."

Share this

Industry News

February 13, 2025

LaunchDarkly announced the private preview of Warehouse Native Experimentation, its Snowflake Native App, to offer Data Warehouse Native Experimentation.

February 13, 2025

SingleStore announced the launch of SingleStore Flow, a no-code solution designed to greatly simplify data migration and Change Data Capture (CDC).

February 13, 2025

ActiveState launched its Vulnerability Management as a Service (VMaas) offering to help organizations manage open source and accelerate secure software delivery.

February 12, 2025

Genkit for Node.js is now at version 1.0 and ready for production use.

February 12, 2025

JFrog signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS).

February 12, 2025

mabl launched of two new innovations, mabl Tools for Playwright and mabl GenAI Test Creation, expanding testing capabilities beyond the bounds of traditional QA teams.

February 11, 2025

Check Point® Software Technologies Ltd. announced a strategic partnership with leading cloud security provider Wiz to address the growing challenges enterprises face securing hybrid cloud environments.

February 11, 2025

Jitterbit announced its latest AI-infused capabilities within the Harmony platform, advancing AI from low-code development to natural language processing (NLP).

February 11, 2025

Rancher Government Solutions (RGS) and Sequoia Holdings announced a strategic partnership to enhance software supply chain security, classified workload deployments, and Kubernetes management for the Department of Defense (DOD), Intelligence Community (IC), and federal civilian agencies.

February 10, 2025

Harness and Traceable have entered into a definitive merger agreement, creating an advanced AI-native DevSecOps platform.

February 10, 2025

Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.

February 07, 2025

Are you using OpenTelemetry? Are you planning to use it? Click here to take the OpenTelemetry survey.

February 06, 2025

GitHub announced a wave of new features and enhancements to GitHub Copilot to streamline coding tasks based on an organization’s specific ways of working.

February 06, 2025

Mirantis launched k0rdent, an open-source Distributed Container Management Environment (DCME) that provides a single control point for cloud native applications – on-premises, on public clouds, at the edge – on any infrastructure, anywhere.

February 06, 2025

Hitachi Vantara announced a new co-engineered solution with Cisco designed for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes.