Download PDF version Contact company

Invicti, the pioneering provider of application security testing solutions, announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution.

The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As development teams embrace the productivity benefits of AI code assistants, API creation accelerates further. But while AI code assistants are boosting developer productivity, they cannot yet generate secure application code or secure APIs consistently, propagating the risk from vulnerable APIs deployed into web services.

API security testing

76% of organisations report having an average of 26 APIs per application deployed

According to ESG’s report Securing The API Attack Surface, 76% of organisations report having an average of 26 APIs per application deployed. Many of these APIs are undocumented and unmonitored, so the security challenge is now about confidently and quickly finding APIs, testing them for vulnerabilities, and performing remediation. 

With Invicti API Security, organisations can realise comprehensive API discovery alongside proactive API security testing.

Multiple discovery methods

Invicti API Security includes multiple discovery methods to enable comprehensive identification of known and undocumented APIs, including:

  • Zero-configuration discovery to identify API specifications, scanning cloud environments for accessible paths
  • API management system integrations to fetch and sync accurate and latest API specifications into inventory
  • Network API traffic analysis to identify and reconstruct API calls into API definition files based on observed traffic

Advantages of web application security

These web application security uses can be deployed jointly with API find and security testing

With the Invicti Platform’s extensive API discovery capabilities, we are able to deliver a tool consolidation option, combining web application and API security into a single solution,” said Neil Roseman, CEO at Invicti. “As tool sprawl and budgetary constraints grow, CISOs can rely on the Invicti solution to address the growing API security concerns in addition to reducing their team’s tool complexity.”

For decades, Invicti has provided the advantage of web application security testing coverage, accuracy, speed, and scale. The combination of continuous automated discovery, proof-based scanning to verify critical vulnerabilities for developers, and recently added Predictive Risk Scoring to advance prioritisation efforts provide customers with a unique set of benefits. These web application security benefits can be deployed together with API discovery and security testing. 

Customers’ sensitive data

Our research shows that security pioneers are increasingly concerned with API security and their ability to secure their customers’ sensitive data. This is because as developers build feature-rich applications with integrations and communications to resources, the APIs, especially unknown shadow APIs, create rapidly proliferating attack surfaces,” said Melinda Marks, Practice Director, Cybersecurity at ESG. “The Invicti approach applies a multi-layer discovery method to thoroughly identify APIs, helping organisations deliver secure applications.”

Invicti API Security is available to Invicti customers across both Acunetix and Invicti (formerly Netsparker) product lines to extend their use of the Invicti platform. New customers can purchase the product as a web application and API security combination, or a standalone API Security option.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?