StackHawk, the company making web application and API security testing part of software delivery, announced API Discovery Powered by HawkAI, an AI driven feature, that gives security teams a more efficient way to understand their organization’s attack surface. HawkAI not only uncovers and recommends which APIs and applications to bring under test, but also boosts teamwork between security and developer teams, giving businesses the critical insights they need.
Security leaders are grappling with a critical concern: understanding and accurately identifying their API and application attack surfaces. Achieving sufficient security testing coverage is the number one priority. According to market insights from research analyst Melinda Marks, Practice Director, Cybersecurity, for Enterprise Strategy Group, “87% of respondents are concerned about shadow and undiscovered APIs, with 38% considering it a significant concern and 49% viewing it as a moderate concern”, as shared in The Urgency of Addressing API Security in an Application Security Program.
“Identifying all APIs and managing them has been a challenge. This feature will automate and improve our process.” Lake Setser, Information Security Lead, CommunityAmerica Credit Union
Also Read: ThetaRay Revolutionizes AI Financial Crime Detection with Screena Acquisition
StackHawk’s unique approach to API discovery leverages source code as the source of truth to obtain the full scope of an organization’s APIs and applications. This offers a level of visibility, previously unavailable for AppSec teams to understand their organization’s attack surface. StackHawk provides a prioritized view on which APIs and applications to bring under test to boost overall operational efficiency of your AppSec testing program while fostering improved workflows with development teams.
“Many security teams are struggling to keep pace with the rapid development of APIs,” said Joni Klippert, CEO of StackHawk. “Our internal analysis reveals that a significant portion of APIs go untested simply because they are undiscovered. API Discovery powered by HawkAI solves this problem by automatically identifying all APIs within an organization’s code repositories, giving security teams a complete picture of their attack surface.”
Security teams benefit from API Discovery layered with HawkAI’s comprehensive suite of features, including:
- Effortless Discovery and Attack Surface Definition: API Discovery powered by HawkAI integrates seamlessly with existing code repositories to automatically identify repositories containing running applications and APIs. This AI-powered solution uncovers previously unknown APIs, providing a comprehensive view of an organization’s attack surface. Security teams can then monitor progress toward achieving complete API coverage.
- Continuous Oversight and Alignment with Security Policies: Once API assets are identified, HawkAI helps ensure that security processes keep pace with the constant stream of code changes. HawkAI tracks how often code is deployed to API assets and compares it to testing frequency. This enables security teams to identify discrepancies between security policies and actual testing coverage.
- Collaboration and Streamlined Security Testing: HawkAI goes beyond just discovery. It provides valuable insights to foster collaboration with development teams. When a previously untested asset is discovered, HawkAI identifies the last developer who committed code, allowing for easy communication and a deeper understanding of the asset’s purpose. This streamlines the process of bringing the asset under security testing.
API Discovery powered by HawkAI ensures comprehensive testing coverage by prioritizing the identification of the API attack surface. The source code serves as the definitive source of truth for understanding this attack surface, providing a holistic view of APIs and applications. StackHawk‘s solution not only excels in discovering vulnerabilities but also enhances collaboration between security and developer teams. It simplifies the process of subjecting APIs and applications to thorough security testing, thereby fortifying your defenses effectively.
SOURCE: PRNewsWire