Synack Expands Security Platform With Adversarial API Pentesting

REDWOOD CITY, Calif., Oct. 31, 2022 /PRNewswire/ — Synack, the premier security testing platform, has
launched an API pentesting capability powered by its global community of
elite security researchers. Organizations can now rely on the Synack
platform for continuous pentesting coverage across “headless” API
endpoints that lack a user interface and are increasingly exposed to
attackers.

“Synack’s human-led, adversarial approach is ideal for testing
APIs that form the backbone of society’s digital transformation,” said
Synack CTO and co-founder Mark Kuhr, a
former National Security Agency cybersecurity expert. “We are thrilled
to offer customers a unique, scalable way to secure this growing area of
their attack surfaces.”

Gartner estimates API abuses will be the most common source of data
breaches in enterprise web applications this year. Synack enables
organizations to verify that exploitable API vulnerabilities such as broken
authorization and authentication — noted in the OWASP API top 10 — can’t be abused by malicious hackers.

“Many organizations are struggling to find the top-tier cyber talent needed to root out API-specific vulnerabilities,” said Peter Blanks,
Chief Product Officer at Synack. “We’re excited to extend our Synack
platform to provide human-powered offensive security testing on APIs.”

Synack’s headless API capability builds
on years of API pentesting experience through web and mobile
applications. The new platform features allow customers to enter API
documentation to guide testing scope and coverage. Next, researchers
with the Synack Red Team attempt to exploit API endpoints in the way a
real external adversary would.

Of the Synack Red Team’s more than
1,500 global members, only those with proven API testing skills are
activated on API requests, reducing noise. Synack’s Special Projects
division led over 100 successful pentests against headless APIs in 2022,
providing customers with critical proof-of-coverage reports while
validating researchers’ API expertise.

Vulnerability submissions
and testing reports are routed through Synack’s Vulnerability Operations
team for a rigorous vetting process before being displayed in the
platform, minimizing false positives and ensuring high-quality results.

For more information about Synack’s API security testing, please visit www.synack.com.

ABOUT SYNACK

Synack’s premier on-demand security testing platform harnesses a
talented, vetted community of security researchers and smart technology
to deliver continuous penetration testing and vulnerability management,
with actionable results. We are committed to making the world more
secure by closing the cybersecurity skills gap, giving organizations
on-demand access to the most trusted security researchers in the world.
Headquartered in Silicon Valley with regional teams around the world,
Synack protects federal agencies, DoD classified assets and a growing
list of Global 2000 customers, uncovering over 13,000 vulnerabilities
for clients in 2021 alone. For more information, please visit www.synack.com.

SOURCE: Synack
