Checkmarx announced a new generation in software supply chain security with its Secrets Detection and Repository Health solutions to minimize application risk.
Wib announced API PenTesting-as-a-Service (PTaaS), designed to help organizations proactively cover the latest PCI DSS 4.0 mandates for testing application security, APIs, and vulnerabilities in business logic.
Wib's PTaaS solution supports the evolving requirements for frameworks such as PCI DSS as they adapt to the realities of modern web security, where API coverage in penetration testing is often lacking.
For organizations covered by PCI DSS's strict requirements for application penetration testing, which as of version 4.0 specifically include API abuse and attacks on business logic, Wib provides on-demand API pen testing designed to validate API security posture and support assertions of compliance for PCI and other frameworks and regulations such as GDPR, CCPA, SOC-2, ISO, NIST, and others.
Utilizing the skill of Wib's Offensive Security team, Wib will deliver 'inception to report' in just three weeks, including:
- Full assessment report of all identified vulnerabilities
- A risk severity score, based on NIST cyber matrix calculator
- Contextual remediation report for all vulnerabilities that have been found
- Remediation road map plan with implementation suggestions, as well as post-remediation validation as required by PCI standards
- Dedicated training and consultancy session with Wib's Security Specialists
Wib's service is designed to be unintrusive and hassle-free for customers, as Wib simulates attacks against their APIs without ever having to connect to their systems. When combined with the Wib platform, it provides complete visibility, an automatic inventory, auto-generated API documentation, and simulated attacks against test and/or production systems. Wib's holistic approach is the only way to truly protect your API ecosystem all the way from your source code, through production traffic, to professionally validated attacks on your API business logic from a professional API hacker's perspective from the outside.
"We've always said that your defense should be informed by the offense... we're uniquely positioned to provide validation of the security posture of APIs and the applications that use them from the same lens as the external attacker," adds Chuck Herrin, CTO of Wib. "That is a critical piece we often find missing, and our team is built to fill this gap so our customers can find, understand and protect their APIs as they race to secure their evolving attack surface. Our goal is to make it safe to innovate and help our customers ensure the security, risk, and compliance of the API ecosystems powering their business."
Industry News
SmartBear has appointed Dan Faulkner, the company’s Chief Product Officer, as Chief Executive Officer.
Horizon3.ai announced the release of NodeZero™ Kubernetes Pentesting, a new capability available to all NodeZero users.
Veracode acquired certain assets of Phylum, including its malicious package analysis, detection, and mitigation technology.
AppViewX announced the completion of its acquisition by Haveli Investments.
Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
Kindo formally launched its channel partner program.
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
Fastly announced the general availability of Fastly AI Accelerator.