Subscribe to our blog.
Subscribe Now
In test/dev environments, the Salt platform lets you load your OAS or Swagger files and provides a complete analysis of any security gaps such as missing API endpoints, missing parameters, discrepancies with parameter definition, and other valuable insights.
The Salt Security platform provides robust attack simulation API security testing across pre-production and development environments. These simulations help organizations identify security gaps and business logic flaws early in the lifecycle, and integration with CI/CD systems means developers can address security gaps before releasing or modifying APIs. Salt tailors attacks to the customer’s APIs it learns in these environments.
The Salt platform helps you run test traffic against your APIs while still in staging/test environments. It then compares the findings to your OAS/Swagger files and shows where your documentation and the live API traffic diverge. You can export the API details the Salt platform inventories automatically so you can easily keep your API documentation up to date and accurate.
By capturing attacker activity during runtime and sharing it with developers, the Salt platform exposes hacker reconnaissance tactics in use and provides detailed remediation insights developers can use to close security gaps. These insights increase developer education, enabling them to continuously improve the security of the APIs they build in the future. Teams can send Jira tickets, Slack notifications, and other developer communications directly from the Salt platform.
Salt provides built-in integrations so you can streamline and automate API vulnerability validation during the build phase. For APIs that Salt identifies as falling short of your security standards, you choose to allow that build to succeed but require developer sign off on the risk or you can choose to fail that build, with the developer seeing the needed fixes directly in your CI/CD system. The Salt-issued ticket includes the details your dev teams need so they can address the security gaps and risks before releasing the build.
