New assessment tool discovers and catalogues an organization’s complete API inventory, including the shadow, zombie, and unprotected APIs that leave data exposed.
Salt Security, the leader in API security, announced the launch of Salt Surface, a new capability integrated into its industry-leading API Protection Platform. Salt Surface provides organizations with a comprehensive API attack surface assessment, delivering an attacker’s-eye view of their public-facing APIs to uncover specific, actionable risks before they can be exploited.
Salt Surface is an active reconnaissance tool meticulously designed to mimic the tactics and techniques used by advanced API attackers. Its primary purpose is to help organizations proactively identify, validate, and understand the risks associated with their exposed API endpoints. Unlike traditional passive discovery methods that rely solely on observing existing API traffic, Salt Surface employs active discovery techniques, uncovering hidden, unmonitored, and forgotten APIs, creating a highly accurate evaluation of an organization’s current external attack surface.
Also Read:ย CIO Influence Interview with Dipto Chakravarty, Chief Product and Technology Officer at Black Duck
The technology is powered by the continuous expertise and cutting-edge research from Salt Labs, a recognized leader in the API security research field. This ensures that Salt Surface’s discovery techniques stay current with the latest tactics employed by attackers. While competing tools often provide large volumes of unrelated or low-context data, Salt Surface focuses on delivering relevant, actionable intelligence.
Salt Surface provides a multi-faceted approach to discovering risks and reducing an organization’s API attack surface. This includes:
- Comprehensive API Discovery:ย Salt Surface actively researches all of an organization’s internet-facing API assets, thoroughly examining domains and subdomains to pinpoint every potential API endpoint. This process enables teams to uncover shadow and zombie endpoints that might otherwise be overlooked by methods that only see existing traffic.
- Vulnerability and Misconfiguration Detection:ย The scan is highly effective at identifying critical security risks associated with discovered APIs. It detects common and severe misconfigurations, highlights potential vulnerabilities, and finds instances of sensitive data exposure.
- Proactive Posture Governance:ย Findings from Salt Surface are automatically evaluated against a robust set of posture governance policies built specifically for externally discovered assets. This provides instant insight into security gaps and policy violations without requiring a single log or traffic sensor to be deployed.
- Actionable Assessment Reporting:ย All discoveries, risks, and policy violations are compiled into a single, consolidated, and evidence-based assessment report. This report is designed to be highly actionable, providing security teams with the clear, prioritized information they need to address vulnerabilities effectively.
Also Read:ย Scott Holden Joins Vanta as Chief Marketing Officer
“Being proactive is no longer optional in API security; it’s mission-critical,” saidย Roey Eliyahu, CEO and co-founder of Salt Security. “Salt Surface gives organizations that proactive edge. It provides the actionable context needed to see their APIs through an attacker’s lens and fix security gaps before they are discovered and exploited.”
