enterprisesecuritymag

APIsec Adds Update to its API Security Platform

By Enterprise Security Magazine | Friday, October 16, 2020

With this recent release, APIsec now develops certified, and on-demand penetration testing reports for compliance standards, allowing enterprises to stay compliant at all times at a fraction of cost.

FREMONT, CA: APIsec announces an update to its API security platform, enabling enterprise security and compliance groups to get certified, compliant API penetration testing reports on-demand. APIsec now offers detailed pen-test reports that can be automated and published after every code release.

Enterprise security and compliance groups are mandated to conduct periodic penetration testing of their applications as demanded by industry standards like GDPR,SOC, PCI, HIPAA,NIST, CCPA, and FedRAMP. These penetration tests take months to complete and are manual and expensive processes. As a result, enterprises prioritize pen-tests on the most vital applications against the most common attack vectors.

APIsec offers the industry's completely automated and continuous API security testing platform that avoids the need for expensive, infrequent, manual pen-testing. APIsec certified API penetration testing reports would help firms address their compliance needs and help them communicate security at the board level. APIsec keeps firms honest.

APIsec's customers like the comprehensive security test coverage APIsec offers out of the box, and they wanted to stop hiring expensive, time-consuming outside providers for penetration testing reports. Compliance mandates proof of security for APIs, which is usually done manually and is very costly. With this release, APIsec offers automated API penetration test certification in minutes that provides ten times the coverage at 1/10th the price. APIsec leveraged the automated penetration test reports ability as part of its own SOC 2 certification. The SOC 2 auditors accepted the automated penetration reports and noted the security test's breadth and completeness.

APIsec delivers comprehensive security to any API, automatically identifying zero-day security vulnerabilities, business logic faults, and RBAC issues. With no training, APIsec automatically creates and runs thousands of attack instances against APIs, filing issues with ticketing systems, and producing compliance-ready pen-test reports. APIsec combines with API gateways and platforms and with CI/CD frameworks to test new code in real-time.

Weekly Brief