Aug 23, 2023

Salt Security Partners with API Testing Leaders to Bring Best-of-breed Capabilities to API Security

Salt establishes the Salt Technical Ecosystem Partner (STEP) program, announces inaugural partners, and shares strategies to enrich customers’ API ecosystems with the Salt platform’s API adaptive intelligence.

PALO ALTO, Calif. — August 23, 2023 — Salt Security, the leading API security company, today announced the Salt Technical Ecosystem Partner (STEP) program, making it easier and faster for enterprises to leverage the deep API adaptive intelligence Salt provides to reduce risk throughout their API ecosystem. Salt is integrating its AI-driven API security insights across organizations’ existing workflows and tools as part of the program. The STEP program accelerates those integrations, enabling joint customers to strengthen their API security posture with best-of-breed solutions enhanced by the API security intelligence of the Salt Security API Protection Platform.

To kick off the STEP program, Salt today introduced its inaugural partners, companies focused on API testing solutions. The partners include dynamic application security testing (DAST) leaders Bright Security, Invicti Security, and StackHawk and interactive application security testing (IAST) leader Contrast Security. With pre-built DAST and IAST integrations, Salt allows organizations to streamline deployment and:

  • Move to a risk-based approach for API testing — by connecting cloud to code and focusing on sensitive data.
  • Reduce risk with increased surface coverage — by tapping the more accurate and up-to-date API inventory of Salt combined with vulnerability prioritization from testing partners.
  • Gain better quality testing — leveraging best-of-breed testing capabilities spanning OWASP, MITRE, business logic, SQLi, XSS, SSRF, and other tests.
  • Reduce friction for DevOps and DevSecOps teams — enabling them to use their existing testing technologies designed for seamless integration into development pipelines.
  • Speed time to value — by working with organizations’ existing integrated development environments (IDEs), software pipeline tools, and other workflows.
  • Improve efficiencies — with context-rich OAS files automatically updated in real time, showing what needs to be tested and order of priority, extending the reach and applicability of companies’ existing API tests.
  • Increase R&D velocity — by focusing scanning efforts on priority APIs, such as external APIs or those that contain PII.

Along with its focus on testing, the Salt STEP program formalizes work Salt has already done to integrate with other API ecosystem technologies, including WAFs, API gateways, and cloud security providers. Salt will jointly develop some integrations with partners and will publish APIs that accelerate integrations, enabling a broad swath of partners to quickly pull valuable API data from the Salt system.

Taking this “best of breed” approach ensures that enterprises gain industry-leading capabilities for API security across the entire lifecycle. No single company can bring to bear all the required disciplines to fully secure APIs, and attempting to do so results in mediocre solutions that leave enterprises vulnerable. The integrations resulting from the STEP program will provide customers with the most capable, easy-to-deploy, and effective API protection.

“Salt has taken a unique approach to solving the broad and serious challenge of securing APIs,” said Roey Eliyahu, CEO and co-founder of Salt Security. “Our deep API context offers the industry’s richest API discovery and runtime protection, and now we’re extending that adaptive intelligence to our partners’ best-of-breed solutions, providing our customers with unparalleled API security. We’re excited to welcome Bright, Contrast, Invicti, and StackHawk to our program with their industry-leading API security testing solutions.”

API-related threats and vulnerabilities have increased in frequency and severity. According to the 2023 State of API Security report, 94% of organizations have experienced security issues in their production APIs over the past year. Moreover, a recent study found that the average cost of a security breach stands at $6.1 million, including remediation costs and reputational brand damage, and is expected to increase to nearly $14.5 million by 2030.

Partner Perspective

"Through our partnership with Salt, Bright is poised to provide our customers with the most sophisticated and complete API security solution in the industry," stated Gadi Bashvitz, CEO of Bright Security. "By leveraging the intelligence derived from Salt, application security (AppSec) and development teams are equipped to significantly improve their organizations’ API security posture. AppSec can provide governance for the AppSec program, and development teams can detect and remediate vulnerabilities early in the development lifecycle."

“As a STEP partner, we look forward to providing our customers with API threat and vulnerability findings from Salt directly in Contrast’s Secure Code Platform,” said Tracey Mead, VP of Strategic Alliances at Contrast Security. “Context is key for application security, and nowhere is context more important than with APIs. With insights into API behaviors driven by Salt, our customers can quickly spot potential problem areas, reduce false positives, and speed remediation efforts – all without missing a beat.”

"Web applications cannot be secure without the necessary testing coverage across APIs," said Michael George, CEO of Invicti. "Our joint customers can now easily benefit from both extensive discovery of APIs and the comprehensive testing coverage and enterprise scale of our DAST engine. Additionally, customers will be able to accelerate vulnerability remediation with verified testing results, continually proven and enhanced by the experience of thousands of current customers."

“To deliver a strong AppSec program, developers need access to best-of-breed technologies that simplify finding and fixing vulnerabilities before deploying code to production. Given the explosive growth of API development, it’s imperative that teams prioritize and automate security testing for their APIs and do so in a way that seamlessly integrates with developer workflows,” said Joni Klippert, CEO of StackHawk. “As part of the Salt STEP program, StackHawk is excited to bring the most developer-focused and comprehensive API security testing solution to help organizations deliver secure code rapidly. Together, Salt and StackHawk empower organizations with the most robust end-to-end API security experience to build secure software quickly, monitor and respond to attacks, and incorporate that feedback into the building and testing of software development.”

About Bright Security

Bright Security is a developer-centric Dynamic Application Security Testing solution, also known as DAST. Founded in 2018, Bright’s mission is to enable organizations to ship secure Applications and APIs at the speed of business. The company enables quick and iterative scans to identify true and critical security vulnerabilities without compromising on quality or software delivery speeds. Bright empowers AppSec teams to provide the governance for securing APIs and web apps while enabling developers to take ownership of the actual security testing and remediation work early in the SDLC.

About Contrast Security

Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive code security platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

About Invicti

Invicti Security — which acquired and combined AppSec leaders Acunetix and Netsparker — is on a mission: application security with zero noise. An AppSec leader for more than 15 years, Invicti delivers continuous application security designed to be reliable for security and practical for development while serving critical compliance requirements. Customers choose Invicti’s DAST, SCA, and IAST solutions to better secure their environments and ultimately reduce risk across their web applications and APIs. Invicti operates globally with employees in over 11 countries and serves more than 4,000 customer organizations. For more information, visit or follow us on LinkedIn.

About StackHawk

StackHawk is the only dynamic application security testing solution that was built to bridge the trust gap between AppSec and Developers to deliver more secure software faster. The company's developer-focused approach to automating API and application security testing enables developers to easily find and fix security bugs at any stage of software development. With its deliberate approach to developer-focused API security testing, StackHawk helps organizations improve their security posture by eliminating operational inefficiencies, accelerating security-tested releases, and managing risk appropriately. To learn more, visit

About Salt Security

Salt Security protects the APIs that form the core of every modern application. Its patented API Protection Platform is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and hardening APIs. Deployed quickly and seamlessly integrated within existing systems, the Salt platform gives customers immediate value and protection, so they can innovate with confidence and accelerate their digital transformation initiatives. For more information, visit:
