Veracode introduces an improved scanning tool to find and fix vulnerabilities in APIs
Veracode has launched an advanced scanning tool that enables companies to find and fix vulnerabilities in application programming interfaces (APIs), the fastest-growing attack surface. The new feature uses Veracode’s Dynamic Analysis (DAST) scan engine to provide comprehensive security insights and to troubleshoot APIs as early and as efficiently as possible.
With the rapid acceleration of digital transformation for businesses as a result of COVID-19, APIs are more important than ever for building modern applications. They enable easy data transfer from one product or service to another and make information available on many systems. At the same time, they also create a desirable attack vector for cyber criminals.
According to Gartner, “API abuse will move from a rare attack vector to the most common attack vector by 2022, leading to data breaches for corporate web applications.”
“The explosion in APIs means application development is becoming more fragmented and decentralized, so the attack surface is growing exponentially,” said Brian Roche, chief product officer at Veracode. “As such, API scanning is the most requested feature from our customers when they are looking for a solution that saves time, frees up resources and provides peace of mind.”
Pest control company kills bugs with API scanning
Veracode’s API scanning has streamlined the process of identifying, prioritizing and remedying vulnerabilities for an internationally renowned pest control specialist. “Modern applications are more complex than ever and we need to understand our level of risk so we can respond quickly and efficiently,” said a senior IT architect for the company.
“Veracode’s dynamic API scanning has saved our teams hours of remediation by isolating high-severity vulnerabilities and ensuring our APIs are secure before they are incorporated into larger applications.”
API scanning ensures an early and efficient elimination of weak points
The new feature enables security and vulnerability managers to analyze their APIs as soon as they are available in a network-accessible runtime environment and before they are integrated into larger applications. The API scan results are grouped by severity, include detailed troubleshooting guidance, and appear alongside other dynamic analysis scans in a single dashboard.
This makes it easy for security teams to prioritize vulnerabilities and access the details developers need to quickly fix unsafe code, which helps security and development teams work together smoothly.
Roche added, “Strong API security is becoming a major concern for businesses and a table stakes feature for CISOs. In a world where any relationship should begin without trust, regular API scanning must be a cornerstone of any robust software security strategy.”