DEVOPSdigest

Noname Security announced the general availability of Active Testing V2 to help organizations leave no API untested.

Building on the success of the original version of Active Testing, the latest version helps industry leaders to further “shift left” to stop vulnerabilities from reaching production, innovate faster, and ensure compliance with evolving regulatory requirements.

Noname Security Active Testing is a purpose-built API security testing solution that helps organizations easily add API security into their application development process, including continuous integration/continuous deployment (CI/CD) integration, dynamic or static API specification analysis, and more. Built to complement existing security tooling and processes, Active Testing helps organizations to:

- Leave no API untested with a unique ability to find and test every API based on an understanding of the application’s business logic.

- Shift left with integrations into the entire software development lifecycle (SDLC). Teams get dynamic API visibility across multiple states and environments throughout the CI/CD process.

- Empower developers with best-in-class usability such as simple setup and automation, in-line test results, and contextual guidance for request failure mitigation.

“Testing the security of APIs in development makes good financial sense,” said Shay Levi, CTO & Co-Founder of Noname Security. “Fixing issues earlier in an API’s lifecycle can reduce remediation costs by 10x to 100x. With rising costs of re-writing code, regulatory fines, delays to new products, brand impacts, and the drops in shareholder value after breaches, it’s no surprise that industry-leaders are actively addressing API security in development.”

Built from the ground up to specifically address the challenges of testing APIs for security vulnerabilities, Noname Security Active Testing includes:

- Developer-friendly user experience for full coverage and adoption.

- Easy integration with development processes, including CI/CD pipelines, dynamic and static specification analysis, and more.

- 160+ security tests of business-logic exploits, including the OWASP API Top Ten.

- Reachability to adapt to the unique business logic of APIs and applications.

- API lifecycle and environment awareness to easily identify when vulnerabilities are introduced and prioritize review.

- Support for all major API types, including GraphQL.

In addition to Active Testing, Noname Security continues to innovate across the entire Noname API Security Platform, including additional capabilities for securing Kubernetes clusters, eBPF functionality, inline remediation options, integrations, and further AI/ML customization.