Learn about the Salt + CrowdStrike Falcon integration

Learn more

The Salt Technical Ecosystem Partner (STEP) Program – Step 1: API Testing

Nick Rago
Aug 23, 2023

We have breaking news! Today we’re launching our Salt Technical Ecosystem Partner (STEP) Program, to accelerate how we can tap the deep API insights of the Salt platform to enrich the API ecosystem. These integrations, which pull the adaptive intelligence Salt builds for each API environment into adjacent technologies, will help customers more quickly and efficiently reduce risk in their organizations. 

For this launch, we’re excited to announce inaugural partners across the API testing landscape. We are thrilled to welcome DAST leaders Bright Security, Invicti Security, and StackHawk and IAST leader Contrast Security to the STEP program.

Working together, we can give our joint customers a bigger and more accurate picture of their attack surface. Our up-to-date API inventory and AI-driven behavioral API insights combined with the vulnerability prioritization capabilities of our testing partners will give organizations extra protection from increasing API security threats and help them to more easily harden their APIs.

Salt strongly believes that API security is a strategy – not a product. No single vendor has all the capabilities needed to deliver a robust API security program. Rather than deliver mediocrity everywhere, Salt is taking a best-of-breed approach. We’re marrying the amazing depth of API detail from Salt with our partners’ specialized capabilities across the API ecosystem to more effectively reduce API risk in our customer environments, throughout an API’s full lifecycle.

In particular, these DAST and IAST integrations via the STEP program give our customers specific advantages in API testing, including: 

  • Increased attack surface coverage
  • Better quality testing
  • Reduced friction for DevOps and DevSecOps teams
  • Accelerated business efficiencies

Increased Attack Surface Coverage

Enriching testing platforms with a detailed and up-to-date API inventory ensures wider attack surface coverage while helping to prioritize where to focus first.

Better quality testing

By leveraging best-of-breed testing capabilities across OWASP, MITRE, business logic, SQLi, XSS, SSRF, and other tests, organizations can take advantage of the industry’s most robust API security test suites. The program also lets companies focus on a risk-based approach for API testing, by focusing on the most critical vulnerabilities.  Additionally, context-rich, automated OAS specs generated by Salt provide testing tools the information they need to go beyond surface scanning, and focus more on testing API business logic, where most API attacks are happening today.

Reduced friction for DevOps and DevSecOps teams 

The STEP program also benefits DevOps and DevSecOps by seamlessly integrating with their daily tools – making it easier for them to detect and remediate API vulnerabilities earlier in development. STEP also lets DevOps teams use the API testing tools they have in place, which have already been designed into their workflows and development pipelines.

Accelerated business efficiencies

By working with existing integrated development environments (IDEs), software pipeline tools, and other workflows, the STEP program also increases efficiencies, speeding time to value. Integrations also accelerate R&D velocity – by focusing scanning efforts on priority APIs, such as external APIs or those that contain the most highly sensitive data, organizations can more quickly move through priority needs and release critical code and applications faster. 

While our STEP partners have taken the time to streamline direct integrations with the Salt platform, we realize that the testing world is a big one, and that there are many other testing technologies organizations are already happily using today. To that end, we have exposed an API that would allow organizations to create the tooling to generically enrich their existing testing tools with the adaptive API intelligence of the Salt platform.

Salt – strengthening enterprises’ API security posture with STEP

To secure modern web applications, organizations require testing coverage across APIs – in pre-production and production. The DAST and IAST solutions delivered by our new partners have all been proven in the marketplace, providing best-in-class value that’s been enhanced through time, experience, and focus. 

With APIs being developed faster than ever, organizations must prioritize API security testing – but it must be done in a way that works within existing developer workflows, and does not add new more friction to development cycles. Our STEP testing partners know this first hand. Their solutions have been designed from the ground up to offer robust testing capabilities in the least abrasive ways. And when enriched with API intelligence from Salt, they are empowered to provide the most effective API testing in the industry. 

To fully address the major challenge that is API security, we at Salt know we can’t do it alone. We’re thrilled to have leaders in their own markets join us and tap the Salt intelligence to make APIs safer for everyone to build and use. 

Got an API ecosystem partner you want to see “STEP” into the Salt fold? Drop us a line and we’ll see how we can grow the STEP program to support your preferred providers.

Go back to blog

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide