API security company Salt Security has announced the launch of Salt Surface, a new capability integrated into its existing API Protection Platform. Salt Surface provides organisations with a comprehensive API attack surface assessment, delivering an attacker’s-eye view of their public-facing APIs to uncover specific, actionable risks before they can be exploited.

Salt Surface is an active reconnaissance tool meticulously designed to mimic the tactics and techniques used by advanced API attackers. Its primary purpose is to help organisations proactively identify, validate, and understand the risks associated with their exposed API endpoints. Unlike traditional passive discovery methods that rely solely on observing existing API traffic, Salt Surface employs active discovery techniques, uncovering hidden, unmonitored, and forgotten APIs, creating a highly accurate evaluation of an organisation’s current external attack surface.

The technology is powered by the continuous expertise and cutting-edge research from Salt Labs, a recognised leader in the API security research field. This ensures that Salt Surface’s discovery techniques stay current with the latest tactics employed by attackers. While competing tools often provide large volumes of unrelated or low-context data, Salt Surface focuses on delivering relevant, actionable intelligence.

Salt Surface provides a multi-faceted approach to discovering risks and reducing an organisation’s API attack surface. This includes:

  • Vulnerability and Misconfiguration Detection: The scan is highly effective at identifying critical security risks associated with discovered APIs. It detects common and severe misconfigurations, highlights potential vulnerabilities, and finds instances of sensitive data exposure.
  • Comprehensive API Discovery: Salt Surface actively researches all of an organisation’s internet-facing API assets, thoroughly examining domains and subdomains to pinpoint every potential API endpoint. This process enables teams to uncover shadow and zombie endpoints that might otherwise be overlooked by methods that only see existing traffic.
  • Proactive Posture Governance: Findings from Salt Surface are automatically evaluated against a robust set of posture governance policies built specifically for externally discovered assets. This provides instant insight into security gaps and policy violations without requiring a single log or traffic sensor to be deployed.
  • Actionable Assessment Reporting: All discoveries, risks, and policy violations are compiled into a single, consolidated, and evidence-based assessment report. This report is designed to be highly actionable, providing security teams with the clear, prioritised information they need to address vulnerabilities effectively.

Roey Eliyahu, CEO and co-founder of Salt Security, said: “Being proactive is no longer optional in API security; it’s mission-critical. Salt Surface gives organisations that proactive edge. It provides the actionable context needed to see their APIs through an attacker’s lens and fix security gaps before they are discovered and exploited.”