Indusface launches “Infinite API Scanner”, a Plugin Based Extensible Automated Scanner
The innovative solution was launched at NullCon 2022
Indusface, a leading application security SaaS company that continually detects security risks, provides real-time protection, and improves the performance of websites and applications, today announced the Infinite API Scanner enabling better risk detection capabilities to businesses as well as Pen testing communities. This allows them to automate their test efforts and spend more of their time on thinking and less on executing the security test cases.
APIs are the heartbeat of all digitization initiatives, and the growth of APIs is also opening up new risk vectors. According to Gartner, more than 90% of applications have more attack surface exposed through API than UI and by 2022, API Abuse will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.
What is “Infinite API Scanning”? The real depth and value of effective API scanning currently are delivered only by doing manual assessments with a lot of time spent on executing test cases and reporting vulnerabilities with proof. The Infinite API Scanning approach bridges the gap between automated scanners and manual pen testers by allowing a tester to guide the scanner using minimal annotation by writing pluggable modules to extend the capabilities of the automated scanner. This approach allows them to get not only the benefit of scale from automation but also the depth of a manual approach to creating test cases. The boundaries and limits of what can be achieved via automation are broken and limited only by what the manual pen testers and the human brain can achieve.
Indusface is revolutionizing the API security space by building on its Risk-based API Protection capabilities as it announced earlier this year to further extend the Risk detection capabilities with the “Infinite” API Scanner.
With the Infinite API Scanner, you get:
• Automated API Scanning
• Extensible API scanner with pluggable modules that pen testers and in-house security teams can write to automate security test cases
• 24×7 support and proof of concepts to eliminate any false positives from automated scanners
Collectively through a multi-step approach, customers get to discover APIs, understand risk posture, and ensure a comprehensive risk assessment of APIs.
“Indusface Infinite API Scanning is unique as it breaks the silos between automated scanning and manual pen testing to get the best of both under one unified offering – Speed, coverage, and frequency of automated scans coupled with the depth and ingenuity of manual testing”, said Karthik K, CTO Indusface.
“This is a much-needed innovation as APIs are being increasingly targeted by hackers. This automation helps us focus more on threat vectors instead of carrying out tests,” said Rahul PK, an experienced Penetration Testing practitioner with experience as an individual consultant as well as managing Pen Testing Teams.
While the Infinite API Scanner is only available on paid plans, as part of the launch, you can try the API Scanner here for free.
Try the API Scanner for 14 Days.
About Indusface
Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 3000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.
Indusface has been funded by Tata Capital Growth Fund II, and is the only vendor to be named Gartner Peer Insights™ Customers’ Choice’ in all 7 segments for Voice of Customer WAAP (Web Application and API Protection) Report 2022, is a “Great Place to Work” certified SaaS product company, is PCI, ISO27001, SOC 2, GDPR certified, and has been the recipient of many prestigious start-up awards such as the Economic Times Top 25, NASSCOM DSCI Top Security Company, Deloitte Asia Top 100, among others.
