Salt Security has introduced Salt Surface, a new feature within its top-tier API Protection Platform. Salt Surface offers a thorough assessment of an organization’s API attack surface, giving security teams visibility into public-facing APIs from an attacker’s perspective to identify and address specific risks before they’re exploited.
Salt Surface is an active reconnaissance tool meticulously designed to mimic the tactics and techniques used by advanced API attackers. Its primary purpose is to help organizations proactively identify, validate, and understand the risks associated with their exposed API endpoints. Unlike traditional passive discovery methods that rely solely on observing existing API traffic, Salt Surface employs active discovery techniques, uncovering hidden, unmonitored, and forgotten APIs, creating a highly accurate evaluation of an organization’s current external attack surface.
The technology is powered by the continuous expertise and cutting-edge research from Salt Labs, a recognized leader in the API security research field. This ensures that Salt Surface’s discovery techniques stay current with the latest tactics employed by attackers. While competing tools often provide large volumes of unrelated or low-context data, Salt Surface focuses on delivering relevant, actionable intelligence.
Salt Surface provides a multi-faceted approach to discovering risks and reducing an organization’s API attack surface. This includes:
- Comprehensive API Discovery: Salt Surface actively researches all of an organization’s internet-facing API assets, thoroughly examining domains and subdomains to pinpoint every potential API endpoint. This process enables teams to uncover shadow and zombie endpoints that might otherwise be overlooked by methods that only see existing traffic.
- Vulnerability and Misconfiguration Detection: The scan is highly effective at identifying critical security risks associated with discovered APIs. It detects common and severe misconfigurations, highlights potential vulnerabilities, and finds instances of sensitive data exposure.
- Proactive Posture Governance: Findings from Salt Surface are automatically evaluated against a robust set of posture governance policies built specifically for externally discovered assets. This provides instant insight into security gaps and policy violations without requiring a single log or traffic sensor to be deployed.
- Actionable Assessment Reporting: All discoveries, risks, and policy violations are compiled into a single, consolidated, and evidence-based assessment report. This report is designed to be highly actionable, providing security teams with the clear, prioritized information they need to address vulnerabilities effectively.
“Being proactive is no longer optional in API security; it’s mission-critical,” said Roey Eliyahu, CEO and co-founder of Salt Security. “Salt Surface gives organizations that proactive edge. It provides the actionable context needed to see their APIs through an attacker’s lens and fix security gaps before they are discovered and exploited.”
To see Salt Surface in action, Salt Security is offering a complimentary, personalized API Attack Surface Assessment to all organizations here. Salt will also be offering attendees of Black Hat USA complimentary assessments.
Related News:
Salt Security: How CISOs Are Approaching API Risk Survey Report
Salt Security Launches Salt Cloud Connect for AWS: Instant API Protection