APIsec introduced an update to its API security platform allowing enterprise security and compliance groups to obtain certified, compliant API penetration testing reports on-demand. APIsec c after every code release.
Enterprise security and compliance groups are mandated to perform periodic penetration testing of their applications as required by industry standards like SOC, HIPAA, PCI, NIST, GDPR, CCPA, and FedRAMP.
Such penetration tests typically take months to complete and is a highly manual and expensive process. As a result, organizations generally prioritize pen-tests on the most critical applications, against the most common attack vectors.
APIsec provides a 100% automated and continuous API security testing platform that eliminates the need for expensive, infrequent, manual pen-testing. With this latest release, APIsec now produces certified and on-demand penetration testing reports required by the compliance standards, enabling enterprises to stay compliant at all times at a fraction of cost.
“At Hastee, we take security very seriously, and we adopted a continuous approach to our API security testing efforts. The majority of Penetration Tests are quarterly and therefore outdated as soon as they are published.
“APIsec certified API penetration testing reports would help us address our compliance needs and also help us communicate security at the board level. APIsec keeps us honest,” said Peter Ingram, Chief Technology Officer of Hastee.
“Our customers love the comprehensive security test coverage APIsec provides out of the box, and they wanted to stop hiring expensive, time-consuming outside firms for penetration testing reports,” said Intesar Shannan Mohammed, CTO of APIsec.
“Compliance mandates proof of security for APIs, which traditionally is done manually, infrequently, and is very costly. With this release, APIsec now delivers automated API penetration test certification in minutes that provides 10 times the coverage at 1/10th the price.”
APIsec leveraged the automated penetration test reports capability as part of its own SOC 2 certification. The SOC 2 auditors accepted the automated penetration reports and noted the breadth and completeness of the security test. This feature is now available for all APIsec customers.