Salt Security partners with API testing leaders

Salt Security has launched the Salt Technical Ecosystem Partner (STEP) programme, making it easier and faster for enterprises to leverage the deep API adaptive intelligence Salt provides to reduce risk throughout their API ecosystem. Salt is integrating its AI-driven API security insights across organisations’ existing workflows and tools as part of the programme. The STEP programme accelerates those integrations, enabling joint customers to strengthen their API security posture with best-of-breed solutions enhanced by the API security intelligence of the Salt Security API Protection Platform.

To kick off the STEP program, Salt has introduced its inaugural partners, companies focused on API testing solutions. The partners include dynamic application security testing (DAST) leaders Bright Security, Invicti Security, and StackHawk and interactive application security testing (IAST) leader Contrast Security. With pre-built DAST and IAST integrations, Salt allows organisations to streamline deployment and:

• Move to a risk-based approach for API testing – by connecting cloud to code and focusing on sensitive data.
• Reduce risk with increased surface coverage – by tapping the more accurate and up-to-date API inventory of Salt combined with vulnerability prioritisation from testing partners.
• Gain better quality testing – leveraging best-of-breed testing capabilities spanning OWASP, MITRE, business logic, SQLi, XSS, SSRF, and other tests.
• Reduce friction for DevOps and DevSecOps teams – enabling them to use their existing testing technologies designed for seamless integration into development pipelines.
• Speed time to value – by working with organisations’ existing integrated development environments (IDEs), software pipeline tools, and other workflows.
• Improve efficiencies –  with context-rich OAS files automatically updated in real time, showing what needs to be tested and order of priority, extending the reach and applicability of companies’ existing API tests.
• Increase R&D velocity – by focusing scanning efforts on priority APIs, such as external APIs or those that contain PII.

Along with its focus on testing, the Salt STEP programme formalises work Salt has already done to integrate with other API ecosystem technologies, including WAFs, API gateways and cloud security providers. Salt will jointly develop some integrations with partners and publish APIs to accelerate integrations to enable a broad swathe of partners to quickly pull valuable API data from the Salt system.

Taking this ‘best of breed’ approach ensures that enterprises gain industry-leading capabilities for API security across the entire lifecycle. No single company can bring to bear all the required disciplines to fully secure APIs, and attempting to do so results in mediocre solutions that leave enterprises vulnerable. The integrations resulting from the STEP programme will provide customers with the most capable, easy-to-deploy and effective API protection.

“Salt has taken a unique approach to solving the broad and serious challenge of securing APIs,” said Roey Eliyahu, CEO and co-founder of Salt Security. “Our deep API context offers the industry’s richest API discovery and runtime protection, and now we’re extending that adaptive intelligence to our partners’ best-of-breed solutions, providing our customers with unparalleled API security. We’re excited to welcome Bright, Contrast, Invicti, and StackHawk to our programme with their industry-leading API security testing solutions.”

API-related threats and vulnerabilities have increased in frequency and severity. According to the 2023 State of API Security report, 94% of organisations have experienced security issues in their production APIs over the past year. Moreover, a recent study found that the average cost of a security breach stands at $6.1 million, including remediation costs and reputational brand damage, and is expected to increase to nearly $14.5 million by 2030.