Invicti announced Invicti API Security
July 2024 by Marc Jacob
Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution.
The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As development teams embrace the productivity benefits of AI code assistants, API creation accelerates further. But while AI code assistants are boosting developer productivity, they cannot yet generate secure application code or secure APIs consistently, propagating the risk from vulnerable APIs deployed into today’s web services.
According to ESG’s report Securing The API Attack Surface, 76% of organizations report having an average of 26 APIs per application deployed. Many of these APIs are undocumented and unmonitored, so the security challenge is now about confidently and quickly finding APIs, testing them for vulnerabilities, and performing remediation. With Invicti API Security, organizations can realize comprehensive API discovery alongside proactive API security testing.
Invicti API Security includes multiple discovery methods to enable comprehensive identification of known and undocumented APIs, including:
● Zero-configuration discovery to identify API specifications, scanning cloud environments for accessible paths
● API management system integrations to fetch and sync accurate and latest API specifications into inventory
● Network API traffic analysis to identify and reconstruct API calls into API definition files based on observed traffic
For decades, Invicti has provided the advantage of web application security testing coverage, accuracy, speed, and scale. The combination of continuous automated discovery, proof-based scanning to verify critical vulnerabilities for developers, and recently added Predictive Risk Scoring to advance prioritization efforts provide customers with a unique set of benefits. These web application security benefits can be deployed together with API discovery and security testing.
Invicti API Security is available to Invicti customers across both Acunetix and Invicti (formerly Netsparker) product lines to extend their use of the Invicti platform. New customers can purchase the product as a web application and API security combination, or a standalone API Security option.