Salt Security has launched Salt Surface, a new capability in its API Protection Platform. The tool provides organizations with a comprehensive API attack surface assessment, allowing them to identify, validate, and understand the risks associated with their exposed API endpoints. Salt Surface uses active reconnaissance techniques to uncover hidden, unmonitored, and forgotten APIs, providing an attacker’s-eye view of their current external attack surface. The technology is powered by Salt Labs’ continuous expertise and cutting-edge research, ensuring its discovery techniques stay current with the latest attacker tactics. Salt Surface provides a multi-faceted approach to discovering risks and reducing an organization’s API attack surface. This includes: Comprehensive API Discovery: Salt Surface actively researches all of an organization’s internet-facing API assets, thoroughly examining domains and subdomains to pinpoint every potential API endpoint. This process enables teams to uncover shadow and zombie endpoints that might otherwise be overlooked by methods that only see existing traffic.
Vulnerability and Misconfiguration Detection: The scan is highly effective at identifying critical security risks associated with discovered APIs. It detects common and severe misconfigurations, highlights potential vulnerabilities, and finds instances of sensitive data exposure.