Salt Security API Protection Platform Updated
October 20, 2021

Salt Security announced new capabilities in its next-generation Salt Security API Protection Platform to secure GraphQL APIs.

This update will enable users of GraphQL, an open-source query language used to build APIs, to leverage Salt Security to discover APIs, mitigate data exposure, stop attacks, and eliminate vulnerabilities at their source.

As a purpose-built API security tool that can protect GraphQL APIs across their full life cycle, the Salt Security platform delivers critical capabilities the industry needs now. APIs built using GraphQL are inherently difficult to secure because of their unique structure and high level of flexibility. Predictably, malicious actors have been quick to develop attack techniques that leverage GraphQL capabilities such as nested queries and query batching to run DoS attacks and to take advantage of the complex access control structure in GraphQL to uncover and exploit critical vulnerabilities.

"IT practitioners assume that GraphQL is harder to attack than other API technologies because they are relatively novel, but in reality, these APIs are just as attackable. In fact, the flexibility of GraphQL can easily lead to misconfigurations that accidentally expose valuable data," said Elad Koren, CPO, Salt Security. "Although attacks on GraphQL are not as common as on more widely used API formats, our priority here at Salt is to ensure that all API ecosystems are secure at all times. We're seeing GraphQL used by our customers with increasing frequency, so we took the initiative to invest significant development efforts in building the unique protections needed to support the growing community of GraphQL users."

GraphQL has been quickly embraced by the developer community for its ability to efficiently exchange information. However, its call and response formats also present unique risks, and users should expect attacks against GraphQL APIs to become increasingly frequent. As a result, the ability to automatically discover and secure GraphQL-based APIs offered by Salt Security will be critical for protecting digital-first business operations that rely on the open-source query language.

Utilizing its patented AI- and ML-based Big Data engine, the Salt Security platform baselines legitimate system behavior to effectively identify attackers in real time, stopping these bad actors while they're still performing reconnaissance and using their probing activities like penetration testers to gain insights for hardening APIs. The Salt platform's new capabilities for securing GraphQL parse the complex structure of each query to identify unique object entities, building a complete inventory of GraphQL APIs and creating the baseline for identifying and stopping attacks. The Salt Security API Protection Platform integrates with DevOps tools such as Jira and Slack to ensure that remediation details are routed to the right development team and can help track tickets to ensure remediation fixes are implemented and business risk eliminated. It also ties into SIEM platforms such as Splunk and Sumo Logic to enable incident response for SecOps teams.

Share this

Industry News

March 18, 2024

Kubiya.ai announces the launch of its DevOps Digital Agents.

March 18, 2024

Aviatrix® introduced Aviatrix Distributed Cloud Firewall for Kubernetes, a distributed cloud networking and network security solution for containerized enterprise applications and workloads.

March 18, 2024

Stride announces the general availability of Stride Conductor, its new autonomous coding product that transforms the software development landscape.

March 14, 2024

CircleCI unveiled CircleCI releases, which enables developers to automate the release orchestration process directly from the CircleCI UI.

March 13, 2024

Fermyon™ Technologies announces Fermyon Platform for Kubernetes, a WebAssembly platform for Kubernetes.

March 13, 2024

Akuity announced a new offer targeted at Enterprises and businesses where security and compliance are key.

March 13, 2024

New Relic launched new capabilities for New Relic IAST (Interactive Application Security Testing), including proof-of-exploit reporting for application security testing.

March 12, 2024

OutSystems announced AI Agent Builder, a new solution in the OutSystems Developer Cloud platform that makes it easy for IT leaders to incorporate generative AI (GenAI) powered applications into their digital transformation strategy, as well as govern the use of AI to ensure standardization and security.

March 12, 2024

Mirantis announced significant updates to Lens Desktop that makes working with Kubernetes easier by simplifying operations, improving efficiency, and increasing productivity. Lens 2024 Early Access is now available to Lens users.

March 12, 2024

Codezero announced a $3.5 million seed-funding round led by Ballistic Ventures, the venture capital firm dedicated exclusively to funding entrepreneurs and innovations in cybersecurity.

March 11, 2024

Prismatic launched a code-native integration building experience.

March 07, 2024

Check Point® Software Technologies Ltd. announced its Check Point Infinity Platform has been ranked as the #1 Zero Trust Platform in the latest Miercom Zero Trust Platform Assessment.

March 07, 2024

Tricentis announced the launch and availability of SAP Test Automation by Tricentis as an SAP Solution Extension.

March 07, 2024

Netlify announced the general availability of the AI-enabled deploy assist.

March 07, 2024

DataStax announced a new integration with Airbyte that simplifies the process of building production-ready GenAI applications with structured and unstructured data.