Singapore: Checkmarx, a global application security testing (AST) solutions provider, announced today the availability of Checkmarx API Security, the first true “shift-left” API security solution.
The company said Checkmarx API Security is delivered as part of the application security platform Checkmarx One. The developer workflow-oriented solution inventories even shadow and zombie APIs as part of the most comprehensive inventory and remediation solution available to secure the entire API lifecycle.
According to Gartner, every connected mobile, modern web or cloud-hosted application uses and exposes APIs. These APIs are used to access data and to call application functionality. APIs are easy to expose but difficult to defend.
This creates a large and growing attack surface, leading to a growing number of publicised API attacks and breaches. Traditional network and web protection tools do not protect against all the security threats facing APIs.
While other API security offerings can only discover APIs already deployed in production, Checkmarx API Security addresses security issues earlier in the software development lifecycle (SDLC). This differentiation uniquely enables:
Comprehensive visibility of APIs: Discovers shadow and zombie APIs with the most accurate and up-to-date view into the entire API attack surface.
True shift-left approach: Detects APIs in application source code to identify and fix problems earlier in the SDLC – faster, with less cost and lower risk.
Prioritised remediation: Enables developers and AppSec teams to focus on solving the most critical issues first by prioritising API vulnerabilities based on their real impact and risk.
Holistic view into application risk: Scans entire applications with a single solution, eliminating the need for additional API-specific tools to reduce the overhead on already pressured AppSec teams.
“Modern application development is increasingly dependent on APIs, which are notoriously difficult to document. Often the only place that a given API’s documentation exists is on the developer’s laptop,” said Checkmarx CEO Emmanuel Benzaquen.
“The Checkmarx goal is to secure every component of every application in a way that keeps developers productive and simplifies processes for AppSec leaders, thereby keeping their organisations agile, secure and competitive,” added Benzaquen.