Application programming interface security startup Traceable Inc. today announced the general availability of its API Security Testing offering which enables any API in pre-production to be tested for vulnerabilities, accuracy, reliability and overall security.

Offered as part of Traceable’s API Security Platform, the new comprehensive and seamless testing ability is designed to ensure organizations are aligned with the highest API security standards before releasing APIs into production.

Traceable’s API Security Testing offering is built to make testing of APIs fast, easy and a seamless experience for both development and security teams. The service offers support for shift left initiatives, including remediation insights from runtime back to development to allow developers to harden their APIs further.

The testing solution provides complete vulnerability analysis that leverages functional testing, API DNA and user attribution for improved detection and coverage. It offers extensive coverage for the Open Web Application Security Project API top 10, top Common Vulnerabilities and Exposure across Java, Go, Node JS, AuthN, AuthZ and others, business logic vulnerabilities and sensitive data exposure.

Uniform API testing in API Security Testing is based on dynamic payloads for standard tests and dynamic Traceable payloads for business logic vulnerabilities such as Broken Object Level Authoritzion, with Traceable claiming the service offers virtually zero false positives.

The DevSecOps focus enables companies to identify API security gaps between production and pre-production, perform fast scans for actionable results in continuous integration/continuous deployment or CI/CD pipelines and scan at a granularity from every pull request with API specific changes. It does so while utilizing integrations with application security tools, including software composition analysis, static application security testing and dynamic and interactive application security testing.

Key features of the service include eliminating the risk of vulnerable APIs, cost reduction and rapid scans that maintain the speed of innovation and comprehensive reports. For operational effectiveness, Traceable API Security Testing is easy to deploy and reduces complexity, with numerous CI/CD and appsec tooling integrations that allow for operational effectiveness.

“Because of our comprehensive approach to API security, the testing component was the logical evolution,” Sanjay Nagaraj, chief technology officer of Traceable, said in a statement. “It is key to enable development teams to identify security weaknesses and vulnerabilities in the build itself, in addition to the capability of providing runtime insights back to development teams, so they can further harden their APIs.”

Image: Traceable