Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post


The Salt Technical Ecosystem Partner (STEP) Program — Step 1: API Testing

Nick Rago
Aug 23, 2023

We have breaking news! Today we’re launching our Salt Technical Ecosystem Partner (STEP) Program, to accelerate how we can tap the deep API insights of the Salt platform to enrich the API ecosystem. These integrations, which pull the adaptive intelligence Salt builds for each API environment into adjacent technologies, will help customers more quickly and efficiently reduce risk in their organizations. 

For this launch, we’re excited to announce inaugural partners across the API testing landscape. We are thrilled to welcome DAST leaders Bright Security, Invicti Security, and StackHawk and IAST leader Contrast Security to the STEP program.

Working together, we can give our joint customers a bigger and more accurate picture of their attack surface. Our up-to-date API inventory and AI-driven behavioral API insights combined with the vulnerability prioritization capabilities of our testing partners will give organizations extra protection from increasing API security threats and help them to more easily harden their APIs.

Salt strongly believes that API security is a strategy — not a product. No single vendor has all the capabilities needed to deliver a robust API security program. Rather than deliver mediocrity everywhere, Salt is taking a best-of-breed approach. We’re marrying the amazing depth of API detail from Salt with our partners’ specialized capabilities across the API ecosystem to more effectively reduce API risk in our customer environments, throughout an API’s full lifecycle.

In particular, these DAST and IAST integrations via the STEP program give our customers specific advantages in API testing, including: 

  • Increased attack surface coverage
  • Better quality testing
  • Reduced friction for DevOps and DevSecOps teams
  • Accelerated business efficiencies

Increased Attack Surface Coverage

Enriching testing platforms with a detailed and up-to-date API inventory ensures wider attack surface coverage while helping to prioritize where to focus first.

Better quality testing

By leveraging best-of-breed testing capabilities across OWASP, MITRE, business logic, SQLi, XSS, SSRF, and other tests, organizations can take advantage of the industry’s most robust API security test suites. The program also lets companies focus on a risk-based approach for API testing, by focusing on the most critical vulnerabilities.  Additionally, context-rich, automated OAS specs generated by Salt provide testing tools the information they need to go beyond surface scanning, and focus more on testing API business logic, where most API attacks are happening today.

Reduced friction for DevOps and DevSecOps teams 

The STEP program also benefits DevOps and DevSecOps by seamlessly integrating with their daily tools – making it easier for them to detect and remediate API vulnerabilities earlier in development. STEP also lets DevOps teams use the API testing tools they have in place, which have already been designed into their workflows and development pipelines.

Accelerated business efficiencies

By working with existing integrated development environments (IDEs), software pipeline tools, and other workflows, the STEP program also increases efficiencies, speeding time to value. Integrations also accelerate R&D velocity – by focusing scanning efforts on priority APIs, such as external APIs or those that contain the most highly sensitive data, organizations can more quickly move through priority needs and release critical code and applications faster. 

While our STEP partners have taken the time to streamline direct integrations with the Salt platform, we realize that the testing world is a big one, and that there are many other testing technologies organizations are already happily using today. To that end, we have exposed an API that would allow organizations to create the tooling to generically enrich their existing testing tools with the adaptive API intelligence of the Salt platform.

Salt — strengthening enterprises’ API security posture with STEP

To secure modern web applications, organizations require testing coverage across APIs — in pre-production and production. The DAST and IAST solutions delivered by our new partners have all been proven in the marketplace, providing best-in-class value that’s been enhanced through time, experience, and focus. 

With APIs being developed faster than ever, organizations must prioritize API security testing — but it must be done in a way that works within existing developer workflows, and does not add new more friction to development cycles. Our STEP testing partners know this first hand. Their solutions have been designed from the ground up to offer robust testing capabilities in the least abrasive ways. And when enriched with API intelligence from Salt, they are empowered to provide the most effective API testing in the industry. 

To fully address the major challenge that is API security, we at Salt know we can’t do it alone. We’re thrilled to have leaders in their own markets join us and tap the Salt intelligence to make APIs safer for everyone to build and use. 

Got an API ecosystem partner you want to see “STEP” into the Salt fold? Drop us a line and we’ll see how we can grow the STEP program to support your preferred providers.


Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

June 18, 2024

Salt Labs
Research Team

Salt Labs

Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security’s 2024 State of API Security Report

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents.

Read more

June 12, 2024

Elad Hoffer
Head of Product R/T Protection


Salt Security Leading the Way in AI-Driven API Security for Next-Generation Threat Protection and Attacker Insights

Learn how the recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

Read more

June 7, 2024

Eric Schwake
Head of Product Marketing

A Salt Security Perspective on the 2024 Gartner® Market Guide for API Protection

Salt Security's API Protection Platform is AI-infused and designed to address the challenges outlined in the Gartner report.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide