In college a good friend of mine got deeply involved in the martial art Aikido. Unlike other martial arts I was familiar with one of the things that stuck out for me was the concept of using an attacker’s momentum against them. Instead of directly attacking, the defender would wait for a move from their opponent, like a lunge, and harness that momentum to take control.
Most teams take a proactive approach to eliminating API vulnerabilities. This might include activities like security awareness training for developers as well as employing code scanning solutions, penetration testing and bug bounty programs to find potential vulnerabilities. While these are all important to help you ship secure applications they can take significant time and energy while leaving teams with the challenge of prioritization. In the end, often times, significant vulnerabilities still remain.
At Salt Security we use a similar concept to what my friend learned in Aikido. We say we turn attackers into penetration testers. During reconnaissance an attacker probes your API to learn about the logic and to look for vulnerabilities. Much like in Aikido we harness this activity and use it in our favor to not only stop them but also to provide insight into what the attacker has found. These insights are then used to generate remediation instructions to help security teams and developers understand where vulnerabilities exist and how to eliminate them at their source.
This approach of using an attackers activity in your favor has a few big advantages:
Remediation is just one of the core components of the Salt Security solution. This coupled with the discovery of APIs and the ability to prevent attacks from advancing provide you with a comprehensive solution for building and delivering secure modern applications.
Want to learn more about how we can help you harness the efforts of attackers to make your APIs more secure? Check out our Remediaton Solution Brief or contact us for a demo. We’d love to show you how we can help you deliver secure APIs and innovate securely.
Having Forbes single out Salt Security as one of only 25 of the “Next Billion-Dollar Startups” testifies to the combination of both the significant lead we enjoy in the market and the enormity of the problem we solve.
Salt Labs researchers investigated a large business-to-consumer (B2C) online platform that provides API-based mobile applications and software as a service to millions of users globally.