A comprehensive API Security solution designed to help organizations effectively manage their API assets while minimizing risk.
HCLSoftware, a global leader in enterprise software solutions, announced today the launch of HCL AppScan API Security, in partnership with Salt Security. This comprehensive API security program enables organizations to effectively manage all their API assets and ensure they continue to deliver business value without introducing increased levels of risk.
Catch more CIO Insights:ย Ghost Security Releases Groundbreaking Research: AI-Driven Analysis Exposes Flaws in Static Application Security Testing
HCL AppScan API Securityย is designed to reduce security blind spots with an expert-trained, AI-infused discovery platform that finds and inventories all API assets, ensures corporate API standards in runtime and development, and integrates seamlessly with dynamic analysis to pinpoint and fix vulnerabilities.
Application Programming Interfaces (APIs) are rapidly transforming the digital landscape, with APIs now accounting for well over 50 percent of all web traffic. APIs facilitate seamless communication between applications and are now being relied upon to drive cloud services, mobile apps, and Internet of Things (IoT) devices. But all this traffic has, at the same time, made APIs a leading attack vector that can be exploited by bad actors, and organizations are now facing a whole new set of security challenges.
“The growing dependence on APIs has made robust API security a boardroom-level concern for our customers, all of whom are looking to improve their security posture and safeguard their digital ecosystems,” saidย Rajesh Iyer, Executive Vice President, HCLSoftware.
2023 saw a significant increase over previous years in both the total number of API attacks, as well as the percentage of data breaches associated with API vulnerabilities. And the trend is continuing. In the recent 2024 State of API Security report from Salt Security, 37% of the organizations surveyed reported having experienced an API-related security incident โ twice that of the previous year. Just in the first six months of 2024, various news agencies have reported large-scale API-related attacks across numerous industries including social media and file sharing platforms, technology companies, and e-commerce sites, to name a few, leading to compromised data for millions of users.
APIs have become so ubiquitous that many companies don’t even know how many they are using. The number for medium and larger organizations can easily be in the hundreds. APIs now play multiple roles in every industry, most evidently in functionality such as online shopping, media delivery, payment gateways, workflow automation, microservices, software development โ the list goes on. This means that the first step to securing APIs is gathering a full and accurate inventory of what is being used.
“One of the key capabilities of HCL AppScan API Security is its ability to continuously discover and record an organization’s entire API inventory.” saidย Colin Bell, CTO for HCL AppScan. “This allows security teams to gain insights into their overall security posture.”
Read More onย CIO Influence:ย AI-Augmented Risk Scoring in Shared Data Ecosystems
The rising trend in API attacks led the Open Web Application Security Project (OWASP) to create The OWASP API Security Top 10 โ a list of the most critical security risks specifically related to APIs. The list was compiled to help organizations understand and mitigate the risks associated with API vulnerabilities. These include key areas that organizations should focus on when securing their APIs such as Broken Object Level Authorization (BOLA), Excessive Data Exposure, and Security Misconfiguration, just to name a few. According to the 2024 State of API Security report from Salt Security, 80% of attack attempts leverage one or more of OWASP API Top 10 methods, but only about 58% of respondents surveyed focus their security efforts around this list.
“With the rise in API security incidents and regulatory oversight, organizations need to maintain continuous compliance across their API ecosystems,” statedย Michael Nicosia, COO and Co-founder at Salt Security. “By combining HCL AppScan’s powerful scanning features with Salt Security’s real-time governance and visibility of attack surfaces, including our discovery of undocumented and shadow APIs, we deliver unified insights and deeper visibility across their entire API landscape. This enables organizations to proactively identify risks and uphold compliance with essential standards such as PCI DSS, GDPR, and HIPAA throughout the API lifecycle.”
HCL AppScan API Security ensures 100 percent coverage of the OWASP API Security Top 10 list and provides organizations with numerous capabilities for more robust API security including:
- Reduce security blind spots with an expert-trained, AI-infused API discovery platform
- Discover and inventory all APIs, including Shadow and Zombie APIs
- Pinpoint sensitive data in transit and ensure compliance with relevant regulations (e.g.,ย GDPR, HIPAA, and PCI DSS)
- Link APIs to owners and functions
- Gain insights into the security posture of your entire API landscape
- Ensure corporate API standards in runtime and development with the help of AI-based insights that assess and prioritize the riskiest API assets
- Adopt industry best practices using pre-built policy templates and an expansive API policy library
- Integrateย API-specific DAST vulnerability testing and improve accuracy with up-to-date specs, business logic, and API configuration data
[To share your insights with us, please write toย psen@itechseries.comย ]
