Checkmarx API Security identifies shadow and zombie APIs during software development – Help Net Security


In Las Vegas, at Black Hat USA 2022, Checkmarx has released Checkmarx API Security, the “shift-left” API security solution. Building on the launch of Checkmarx Fusion, which prioritizes and correlates vulnerability data from across different AppSec engines, Checkmarx API Security is delivered as part of the platform Checkmarx One.

The solution is oriented to the developer workflow. It inventories APIs, including shadow and zombie APIs, and supports remediation in order to secure the entire API lifecycle.

According to Gartner, “Every connected mobile, modern web or cloud-hosted application uses and exposes APIs. These APIs are used to access data and to call application functionality. APIs are easy to expose but difficult to defend. This creates a large and growing attack surface, leading to a growing number of publicized API attacks and breaches. Traditional network and web protection tools do not protect against all the security threats facing APIs, including many of those described in the OWASP API Security Top 10.”

Checkmarx API Security addresses security issues earlier in the software development lifecycle (SDLC). This differentiation enables:

  • Visibility of APIs: Discovers shadow and zombie APIs, giving a view into the entire API attack surface.
  • Shift-left approach: Detects APIs in application source code to identify and fix problems earlier in the SDLC.
  • Prioritized remediation: Enables developers and AppSec teams to focus on solving the issues first by prioritizing API vulnerabilities based on their impact and risk.
  • View into application risk: Scans entire applications with a single solution, eliminating the need for additional API-specific tools to reduce the overhead on already pressured AppSec teams.

“Modern application development is increasingly dependent on APIs, which are notoriously difficult to document. Often the only place that a given API’s documentation exists is on the developer’s laptop,” said Checkmarx CEO Emmanuel Benzaquen.

“Our global enterprise customers are focusing on the transition to cloud-native application development, yet their tools have only been able to address part of the API challenge that cloud-native development imposes. The Checkmarx goal is to secure every component of every application in a way that keeps developers productive and simplifies processes for AppSec leaders, thereby keeping their organizations agile, secure and competitive,” Benzaquen continued.

Checkmarx API Security offers:

  • Automatic API discovery: Automatic identification of API endpoints without requiring manual API definition or registration by AppSec teams or developers.
  • Complete API inventory: The ability to discover newly created or updated APIs as the source code is checked in or compiled by developers, as early as possible in the SDLC.
  • Unknown API identification: Automatic comparison of an application’s complete API inventory against its API documentation to identify unknown, shadow and zombie APIs.
  • API-centric remediation: API-specific views that allow AppSec teams and developers to prioritize remediation of API vulnerabilities and OWASP Top 10 risks.
  • Whole-application coverage: A single application security testing (AST) solution for the entire application, which may include both API- and non-API-based components, offering a holistic view of security risk and prioritization for vulnerability remediation.

Gartner has also reported that “Attacks on applications are shifting to focus on APIs, and the pace of attacks is increasing. API abuses and exploits are a common attack category that can result in data breaches. DevSecOps teams are focusing attention on the need for improved API testing in development. To identify the optimal approach to API testing, they are looking to a mix of traditional tools (such as static AST [SAST] and dynamic AST [DAST]) and emerging solutions focused specifically on the requirements of APIs.”

Checkmarx API Security is available now.

Source: https://www.helpnetsecurity.com/2022/08/11/checkmarx-api-security/


Open source software: A pillar of modern software development – Security Boulevard

Open source software provides companies with a competitive edge but when used incorrectly, it can lead to risks in the software supply chain.


*** This is a Security Bloggers Network syndicated blog from Application Security Blog authored by Mike McGuire. Read the original post at: https://www.synopsys.com/blogs/software-security…….


Software Development in Healthcare: Trends for 2023 – HealthTechZone


5 ways to enable secure software development in 2023 – TechTarget

Security is on the hook to enable cloud-native development at the same time organizations are under pressure to move their applications to the cloud to increase productivity while managing costs.

Read on to learn about cloud security initiatives designed to drive the efficiency needed to effectively manage security risk and protect applications in the cloud.
