HCLSoftware Launches HCL AppScan API Security
HCLSoftware, a global leader in enterprise software solutions, has announced the launch of HCL AppScan API Security, in partnership with Salt Security. This comprehensive API security program enables organizations to effectively manage all their API assets and ensure they continue to deliver business value without introducing increased levels of risk.
HCL AppScan API Security is designed to reduce security blind spots with an expert-trained, AI-infused discovery platform that finds and inventories all API assets, ensures corporate API standards in runtime and development, and integrates seamlessly with dynamic analysis to pinpoint and fix vulnerabilities.
Application Programming Interfaces (APIs) are rapidly transforming the digital landscape, with APIs now accounting for well over 50 percent of all web traffic. APIs facilitate seamless communication between applications and are now being relied upon to drive cloud services, mobile apps, and Internet of Things (IoT) devices. But all this traffic has, at the same time, made APIs a leading attack vector that can be exploited by bad actors, and organizations are now facing a whole new set of security challenges.
“The growing dependence on APIs has made robust API security a boardroom-level concern for our customers, all of whom are looking to improve their security posture and safeguard their digital ecosystems,” said Rajesh Iyer, Executive Vice President, HCLSoftware.
2023 saw a significant increase over previous years in both the total number of API attacks, as well as the percentage of data breaches associated with API vulnerabilities. And the trend is continuing. In the recent 2024 State of API Security report from Salt Security, 37% of the organizations surveyed reported having experienced an API-related security incident – twice that of the previous year. Just in the first six months of 2024, various news agencies have reported large-scale API-related attacks across numerous industries including social media and file sharing platforms, technology companies, and e-commerce sites, to name a few, leading to compromised data for millions of users.
APIs have become so ubiquitous that many companies don’t even know how many they are using. The number for medium and larger organizations can easily be in the hundreds. APIs now play multiple roles in every industry, most evidently in functionality such as online shopping, media delivery, payment gateways, workflow automation, microservices, software development – the list goes on. This means that the first step to securing APIs is gathering a full and accurate inventory of what is being used.
“One of the key capabilities of HCL AppScan API Security is its ability to continuously discover and record an organization’s entire API inventory.” said Colin Bell, CTO for HCL AppScan. “This allows security teams to gain insights into their overall security posture.”
The rising trend in API attacks led the Open Web Application Security Project (OWASP) to create The OWASP API Security Top 10 – a list of the most critical security risks specifically related to APIs. The list was compiled to help organizations understand and mitigate the risks associated with API vulnerabilities. These include key areas that organizations should focus on when securing their APIs such as Broken Object Level Authorization (BOLA), Excessive Data Exposure, and Security Misconfiguration, just to name a few. According to the 2024 State of API Security report from Salt Security, 80% of attack attempts leverage one or more of OWASP API Top 10 methods, but only about 58% of respondents surveyed focus their security efforts around this list.
“With the rise in API security incidents and regulatory oversight, organizations need to maintain continuous compliance across their API ecosystems,” stated Michael Nicosia, COO and Co-founder at Salt Security. “By combining HCL AppScan’s powerful scanning features with Salt Security’s real-time governance and visibility of attack surfaces, including our discovery of undocumented and shadow APIs, we deliver unified insights and deeper visibility across their entire API landscape. This enables organizations to proactively identify risks and uphold compliance with essential standards such as PCI DSS, GDPR, and HIPAA throughout the API lifecycle.”
