TLDR Key Takeaways
Automated reports used to satisfy compliance requirements for APIsec SOC 2 certification
SAN FRANCISCO, Oct. 5, 2020 /PRNewswire/ — APIsec, Inc. introduced today an update to its API security platform allowing enterprise security and compliance groups to obtain certified, compliant API penetration testing reports on-demand. APIsec now provides detailed pen-test reports that can be automated and published automatically after every code release.Enterprise security and compliance groups are mandated to perform periodic penetration testing of their applications as required by industry standards like SOC, HIPAA, PCI, NIST, GDPR, CCPA, and FedRAMP. Such penetration tests typically take months to complete and is a highly manual and expensive process. As a result, organizations generally prioritize pen-tests on the most critical applications, against the most common attack vectors.
APIsec provides the industry’s only 100% automated and continuous API security testing platform that eliminates the need for expensive, infrequent, manual pen-testing. With this latest release, APIsec now produces certified and on-demand penetration testing reports required by the compliance standards, enabling enterprises to stay compliant at all times at a fraction of cost.
“At Hastee, we take security very seriously, and we adopted a continuous approach to our API security testing efforts. The majority of Penetration Tests are quarterly and therefore outdated as soon as they are published. APIsec certified API penetration testing reports would help us address our compliance needs and also help us communicate security at the board level. APIsec keeps us honest,” said Peter Ingram, Chief Technology Officer of Hastee.
“Our customers love the comprehensive security test coverage APIsec provides out of the box, and they wanted to stop hiring expensive, time-consuming outside firms for penetration testing reports,” said Intesar Shannan Mohammed, Founder and Chief Technology Officer of APIsec. “Compliance mandates proof of security for APIs, which traditionally is done manually, infrequently, and is very costly. With this release, APIsec now delivers automated API penetration test certification in minutes that provides 10 times the coverage at 1/10th the price.”
APIsec leveraged the automated penetration test reports capability as part of its own SOC 2 certification. The SOC 2 auditors accepted the automated penetration reports and noted the breadth and completeness of the security test. This feature is now available for all APIsec customers. Visit www.apisec.ai to learn more and register for a free API security test.
About APIsec, Inc:
APIsec brings comprehensive security to any API, automatically discovering security zero-day vulnerabilities, business logic faults, and RBAC issues. With no tuning or training, APIsec automatically creates and runs thousands of attack scenarios against APIs, filing issues with ticketing systems, and producing compliance-ready pen-test reports. APIsec integrates with API gateways and platforms, and with CI/CD frameworks to automatically test new code in real-time. APIsec makes pen-testing automated, continuous, and comprehensive, providing critical visibility into application vulnerabilities before production.