Wib API PenTesting-as-a-Service Released
December 06, 2022

Wib announced API PenTesting-as-a-Service (PTaaS) designed to help organizations proactively cover the latest PCI-DSS 4.0 mandates for testing application security, APIs, and vulnerabilities in Business Logic.

Wib's PTaaS solution supports the evolving requirements for frameworks such as PCI DSS as they adapt to the realities of modern web security, where API coverage in penetration testing is often lacking.

For organizations covered by PCI-DSS' strict requirements for application penetration testing, which as of version 4.0 specifically includes API abuse and attacks on business logic, Wib provides on-demand API Pen Testing specifically designed to provide solid validation of API security posture to support assertions of compliance for PCI and other frameworks and regulations such as GDPR, CCPA, SOC-2, ISO, NIST, and others.

Utilizing the skill of Wib's Offensive Security team, Wib will deliver 'inception to report' in just three weeks, including:

- Full assessment report of all identified vulnerabilities

- A risk severity score, based on NIST cyber matrix calculator

- Contextual remediation report for all vulnerabilities that have been found

- Remediation road map plan with implementation suggestions, as well as post-remediation validation as required by PCI standards

- Dedicated training and consultancy session with Wib's Security Specialists

Wib's service is designed to be unintrusive and hassle-free for customers as Wib simulates attacks against their APIs without ever having to connect to their systems, and when combined with the Wib platform, provides complete visibility, an automatic inventory, auto-generated API documentation, and simulated attacks against test and / or production systems. Wib's holistic approach is the only way to truly protect your API ecosystem all the way from your source code, through production traffic, to professionally validated attacks on your API business logic from a professional API hacker's perspective from the outside.

"We've always said that your defense should be informed by the offense...we're uniquely positioned to provide validation of the security posture of APIs and the applications that use them from the same lens as the external attacker." adds Chuck Herrin, CTO of Wib. "That is a critical piece we often find missing, and our team is built to fill this gap so our customers can find, understand and protect their APIs as they race to secure their evolving attack surface. Our goal is to make it safe to innovate and help our customers ensure the security, risk, and compliance of the API ecosystems powering their business."

Share this

Industry News

February 02, 2023

Red Hat announced a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI).

February 02, 2023

Snow Software announced a new global partner program designed to enable partners to support customers as they face complex market challenges around managing cost and mitigating risk, while delivering value more efficiently and effectively with Snow.

February 02, 2023

Contrast Security announced the launch of its new partner program, the Security Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

February 01, 2023

Red Hat introduced new security and compliance capabilities for the Red Hat OpenShift enterprise Kubernetes platform.

February 01, 2023

Jetpack.io formally launched with Devbox Cloud, a managed service offering for Devbox.

February 01, 2023

Jellyfish launched Life Cycle Explorer, a new solution that identifies bottlenecks in the life cycle of engineering work to help teams adapt workflow processes and more effectively deliver value to customers.

January 31, 2023

Ably announced the Ably Terraform provider.

January 31, 2023

Checkmarx announced the immediate availability of Supply Chain Threat Intelligence, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

January 31, 2023

Qualys announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).

January 30, 2023

F5 announced the general availability of F5 NGINXaaS for Azure, an integrated solution co-developed by F5 and Microsoft that empowers enterprises to deliver secure, high-performance applications in the cloud.

January 30, 2023

Tenable announced Tenable Ventures, a corporate investment program.

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.

January 26, 2023

Mirantis, freeing developers to create their most valuable code, today announced that it has acquired the Santa Clara, California-based Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform.

January 25, 2023

SmartBear has integrated the powerful contract testing capabilities of PactFlow with SwaggerHub.

January 25, 2023

Venafi introduced TLS Protect for Kubernetes.