Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

How Martial Arts Can Help You Eliminate API Vulnerabilities

Chris WestphalChris Westphal
Aug 21, 2019

In college a good friend of mine got deeply involved in the martial art Aikido. Unlike other martial arts I was familiar with one of the things that stuck out for me was the concept of using an attacker’s momentum against them. Instead of directly attacking, the defender would wait for a move from their opponent, like a lunge, and harness that momentum to take control.

Most teams take a proactive approach to eliminating  API vulnerabilities. This might include activities like security awareness training for developers as well as employing code scanning solutions, penetration testing and bug bounty programs to find potential vulnerabilities. While these are all important to help you ship secure applications they can take significant time and energy while leaving teams with the challenge of prioritization. In the end, often times, significant vulnerabilities still remain.

Learn about the security implications of modern apps and what you need to protect your APIs.

Turning Attackers Into Penetration Testers

At Salt Security we use a similar concept to what my friend learned in Aikido. We say we turn attackers into penetration testers. During reconnaissance an attacker probes your API to learn about the logic and to look for vulnerabilities. Much like in Aikido we harness this activity and use it in our favor to not only stop them but also to provide insight into what the attacker has found. These insights are then used to generate remediation instructions to help security teams and developers understand where vulnerabilities exist and how to eliminate them at their source.

The Advantages

This approach of using an attackers activity in your favor has a few big advantages:

  • No effort to find vulnerabilities – attackers do all of the work as they perform reconnaissance looking for vulnerabilities. There’s no time, effort or expertise needed to set up scanning solutions, run penetration tests or manage bug bounty programs.
  • Prioritization is done for you – vulnerabilities found are those uncovered by real attackers and can be considered a high priority for remediation.
  • Comprehensive coverage – vulnerabilities are uncovered wherever attackers find them and not where you decide to scan which often times can be limited based on time, budget and resources.
  • Quick remediation – insights include details on where the vulnerability exists, normal expected behavior and a suggestion to remediate therefore minimizing the need to research a solution.
  • Bridging the security and developer gap – the insights help security and development teams get on the same page to understand where vulnerabilities exist and why they’re critical.
  • Developers learn – insights help developers understand how real attackers think and how they can avoid similar gaps in future projects.
The Solution

Remediation is just one of the core components of the Salt Security solution. This coupled with the discovery of APIs and the ability to prevent attacks from advancing provide you with a comprehensive solution for building and delivering secure modern applications.

Want to learn more about how we can help you harness the efforts of attackers to make your APIs more secure? Check out our Remediaton Solution Brief or contact us for a demo. We’d love to show you how we can help you deliver secure APIs and  innovate securely.

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

June 18, 2024

Salt Labs
Research Team

Salt Labs

Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security’s 2024 State of API Security Report

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents.

Read more

June 12, 2024

Elad Hoffer
Head of Product R/T Protection

Product

Salt Security Leading the Way in AI-Driven API Security for Next-Generation Threat Protection and Attacker Insights

Learn how the recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

Read more

June 7, 2024

Eric Schwake
Head of Product Marketing

A Salt Security Perspective on the 2024 Gartner® Market Guide for API Protection

Salt Security's API Protection Platform is AI-infused and designed to address the challenges outlined in the Gartner report.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide
Back