The Top Five Myths in API Security

Learn more

"Shift left" with proactive API security

Only Salt supports API testing and scanning during the build phase, combined with runtime insights and reporting, to give developers the broadest insights for hardening their APIs.

Discover and remediate API vulnerabilities early in development

Salt Security provides complete coverage of all the vulnerabilities and potential gaps identified in the OWASP API Security Top 10 list. In addition, Salt deploys out of band, so testing won’t impact application behavior.

API design analysis

In staging environments, the Salt platform lets you load your OAS or Swagger files and provides a complete analysis of any security gaps such as missing API endpoints, missing parameters, discrepancies with parameter definition, and other valuable insights.

API drift analysis

The Salt platform helps you run test traffic against your APIs while still in staging/test environments. It then compares the findings to your OAS/Swagger files and shows where your documentation and the live API traffic diverge. You can export the API details the Salt platform inventories automatically so you can easily keep your API documentation up to date and accurate.

CI/CD integration for your build pipeline

Salt provides built-in integrations so you can streamline and automate API vulnerability validation during the build phase. For APIs that Salt identifies as falling short of your security standards, you choose to allow that build to succeed but require developer sign off on the risk or you can choose to fail that build, with the developer seeing the needed fixes directly in your CI/CD system. The Salt-issued ticket includes the details your dev teams need so they can address the security gaps and risks before releasing the build.

Runtime feedback loop for continuous improvement

By capturing attacker activity during runtime and sharing it with developers, the Salt platform exposes hacker reconnaissance tactics in use and provides detailed remediation insights developers can use to close security gaps. These insights increase developer education, enabling them to continuously improve the security of the APIs they build in the future.

Want to see the Salt platform in action?

Request a Demo