In an era where APIs power over half of all web traffic and form the backbone of modern digital infrastructure, robust API security is no longer optional—it’s a strategic imperative. HCLSoftware, in partnership with Salt Security, has launched HCL AppScan API Security, a comprehensive solution designed to uncover, secure, and govern APIs across development and runtime environments. With APIs increasingly becoming a primary attack vector, this offering ensures organizations can maintain innovation while effectively managing risk.
The Growing Risk Landscape for APIs
1. Explosive API Growth and Vulnerabilities
- APIs now drive critical functions like cloud services, mobile applications, IoT devices, and e-commerce platforms.
- Over 50% of web traffic today stems from API calls.
- API usage has skyrocketed, expanding the attack surface and increasing the number of vulnerabilities.
2. Alarming Security Trends
- 2023 and 2024 saw significant increases in API-related attacks and data breaches.
- 37% of organizations in 2024 reported experiencing an API security incident—twice the rate from the previous year.
- High-profile breaches have affected sectors such as social media, technology, and e-commerce.
3. Hidden API Assets: The Unseen Threat
- Many companies cannot quantify the APIs they use.
- Shadow APIs (undocumented) and Zombie APIs (outdated but active) pose major security risks.
- Inventory and visibility are the first critical steps toward comprehensive security.
HCL AppScan API Security: Core Capabilities
1. AI-Infused API Discovery Platform
- Expert-trained AI engine continuously scans and inventories all APIs.
- Detects both documented and hidden APIs (shadow and zombie).
- Links APIs to owners, business functions, and sensitive data.
2. Compliance and Data Protection
- Identifies sensitive data in transit to ensure compliance with GDPR, HIPAA, and PCI DSS.
- Enables continuous security posture assessment across all API assets.
3. Integration with Salt Security
- Combines HCL’s vulnerability scanning with Salt’s real-time API governance.
- Offers real-time attack surface visibility and threat monitoring.
- Addresses undocumented APIs and maintains continuous compliance.
4. Aligning with OWASP API Security Top 10
- 100% coverage of OWASP’s most critical API security risks.
- Tackles key threats like Broken Object Level Authorization (BOLA), Excessive Data Exposure, and Misconfigurations.
- Automated testing and policy enforcement ensure best-practice adoption.
5. Development and Runtime Governance
- Enforces corporate API standards across development cycles and production.
- AI-based insights help prioritize risky API assets for remediation.
- Features a vast policy library and pre-built templates for rapid deployment.
6. Dynamic Testing for API Vulnerabilities
- Integrates API-specific Dynamic Application Security Testing (DAST).
- Enhances accuracy using updated specs, business logic, and API configuration data.
HCL AppScan API Security, powered by Salt Security, provides a next-generation solution for organizations looking to secure their growing API ecosystems. With real-time discovery, policy enforcement, and alignment with global security standards, this partnership enables enterprises to safeguard digital assets and maintain regulatory compliance—without compromising on speed or innovation. As API usage continues to grow, tools like AppScan API Security are essential to reducing risk and ensuring long-term digital resilience.