Only Salt supports API testing and scanning during the build phase, combined with runtime insights and reporting, to give developers the broadest insights for hardening their APIs.
API design analysis
In test/dev environments, the Salt platform lets you load your OAS or Swagger files and provides a complete analysis of any security gaps, such as missing API endpoints, missing parameters, and discrepancies in parameter definitions, along with other valuable insights.
Contextual API security testing
The Salt Security platform provides robust attack simulation across pre-production, development, and runtime environments. These simulations help organizations identify security gaps and business logic flaws early in the lifecycle, and integration with CI/CD systems means developers can address security gaps before releasing or modifying APIs. Salt tailors its simulated attacks to the customer’s APIs that it learns in these environments.
API drift analysis
The Salt platform helps you run test traffic against your APIs while they are still in staging/test environments. It then compares the findings to your OAS/Swagger files and shows where your documentation and the live API traffic diverge. You can export the API details that the Salt platform inventories automatically, so you can easily keep your API documentation up to date and accurate.
Remediation insights learned in runtime
By capturing attacker activity during runtime and sharing it with developers, the Salt platform exposes hacker reconnaissance tactics in use and provides detailed remediation insights developers can use to close security gaps. These insights educate developers, enabling them to continuously improve the security of the APIs they build in the future. Teams can send Jira tickets, Slack notifications, and other developer communications directly from the Salt platform.
CI/CD integration for your build pipeline
Salt provides built-in integrations so you can streamline and automate API vulnerability validation during the build phase. For APIs that Salt identifies as falling short of your security standards, you can choose to allow the build to succeed but require developer sign-off on the risk, or you can choose to fail the build, with the developer seeing the needed fixes directly in your CI/CD system. The Salt-issued ticket includes the details your dev teams need so they can address the security gaps and risks before releasing the build.