Intruder unveils API scanning to help organizations reduce exposure
Intruder updates its cloud-based vulnerability management service, allowing organisations of all sizes to secure their APIs by automatically detecting vulnerabilities, gaps, security weaknesses, and misconfigurations that hackers can exploit.
As more organisations build APIs to facilitate automation, attack surfaces are expanding, making it crucial for organisations to include them under their security operations. Intruder’s latest capability automatically scans every API, providing organisations with detailed insights that they can use to proactively reduce exposure – whether it’s a vulnerability in the web server they’re using or an SQL injection in the parameters of one of the pages they’ve built themselves.
“I’m excited that we can now offer such an easy to use and accurate API scanning capability at a time when it is desperately needed,” said Chris Wallis, CEO of Intruder. “In light of recent high profile API breaches such as Optus and T-Mobile, this feature will give companies full understanding and control over their API security and allow them to implement a more complete exposure management strategy.”
Intruder’s API scanning feature has a focus on ease of use. Instead of scanning infrastructure and APIs separately and attempting to correctly manage several configuration options, Intruder’s inbuilt API scanning capabilities mean customers simply need to add a target and upload the API schema. They will then receive comprehensive data about the asset, providing clear and actionable insights for any vulnerabilities detected.
“API security is notoriously difficult to conceptualise, and the number of APIs exposed to the internet is increasing year-on-year – driven in-part by the demand for greater automation. This is expanding the attack surface that opportunistic hackers can attempt to exploit and then gain access,” said Andy Hornegold, Product Lead at Intruder.
“Intruder simplifies the process of API security from initial setup to continuous monitoring – our customers love the fact that they can ‘set and forget.’ Simultaneously, Intruder’s API scanning is tailored to the APIs of each company, addressing their individual needs. In short, it enables effective API security through informed scanning, saving companies both time and resources,” Hornegold concluded.
Intruder’s new API scanning capabilities are available immediately for all customers, including for free on an introductory 14-day free trial.