Salt Security

Palo Alto, CA, USA
2016
  |  By Aviad Carmel
Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.
  |  By Eric Schwake
Securing organizations against today’s most advanced threats continues to be challenging, with APIs (Application Programming Interfaces)playing an increasingly central and vulnerable role, especially as digital transformation marches on. The NIST Cybersecurity Framework 2.0 (CSF) release underscores the urgency of addressing evolving threats and now emphasizes the importance of governance in Cybersecurity.
  |  By Eric Schwake
AppSec leaders and security practitioners, rejoice! Automating your security practices using Salt Platform APIs is now easier than ever, empowering developers to integrate APIs quickly and efficiently while helping reduce risk. The newly launched Salt Developer Portal is your one-stop hub for all API security automation needs.
  |  By Nick Rago
Could you imagine our interstate highway system without roadway bridges? I don’t think anyone would argue that bridges are not an essential part of an effective ground transportation network. So it doesn’t surprise me that when I ask people what makes a highway bridge “good,” I get quick responses with pretty consistent answers: guardrails, proper lighting, clear signage, smooth driving surface, lane markings, load capacity, structural integrity, and so on.
  |  By Michael Callahan
Today, we’re thrilled to share that Salt has launched extended capabilities to our powerful platform, adding yet another industry-first technical advancement to our trophy case! (full announcement here.) Since its founding, Salt’s been on a mission to create a platform that can detect, prioritize and solve the most complex API security challenges and risks.
  |  By Michael Nicosia
Is Salt Security a fortune teller? We’re not sure if we’d go as far as to say that, but we certainly have had our fair share of precognitive moments. In today’s virtual age where everyone is utilizing and relying on digital landscapes, people’s data is constantly being put online. As technology advances and more people go online, bad actors and cyber threats use vulnerabilities in Application Programming Interfaces (APIs) to get access to sensitive data.
  |  By Aviad Carmel
OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.
  |  By Michelle McLean
We’re entering a new season of fall, but here at Salt, it seems like it’s always awards season! We continue to receive accolades for the Salt Security API Protection Platform – all year round! This time we have been honored with the “Best API Security” award in the 2023 API Awards.
  |  By Gilad Barzilay
It’s been just about a year since we first announced our partnership with CrowdStrike. We are delighted to share today that we’ve further strengthened that partnership with the new “better-together” story of Salt and the CrowdStrike Falcon® platform.
  |  By Salt Technical Engineering
The neon lights of Black Hat and DEF CON, with their flashing demos and groundbreaking presentations, often dazzle attendees and cyber enthusiasts alike. From AI-driven hacking tools to quantum encryption, the subjects covered span a vast spectrum. However, as with any vibrant city, these include areas of risk and concern. For Black Hat 2023 events, APIs are core to these areas.
  |  By Salt Security
As organizations increasingly embrace APIs, a new challenge has emerged - the complexity of managing, securing, and understanding the sprawling API landscape within an organization. To tackle these concerns head-on, Salt Security has pioneered the industry's first API posture governance engine and a suite of advanced capabilities designed to bring clarity, security, and efficiency to your API ecosystem.
  |  By Salt Security
We’re all in this together, which is why awareness about APIs and connecting with one another is crucial to cyber security. Salt Security has recently announced our Salt Technical Ecosystem Partner Program which can help demonstrate the role of application security testing when it comes to API security and where it fits in a good API security program.
  |  By Salt Security
This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.
  |  By Salt Security
This short video highlights the "State of API Security for the Healthcare Sector" report and emphasizes the growing importance of APIs for success and the challenges in protecting them.
  |  By Salt Security
API attacks aren’t like traditional application attacks. Understanding those differences is crucial to protecting the valuable data and services your APIs enable. Nick Rago, Salt Security Field CTO, discusses in this webinar: We hope you enjoy the webinar on the changing nature of API attacks and learn the best practices to keep your organization safe.
  |  By Salt Security
As financial services and insurance organizations have increasingly turned to APIs to accelerate business innovation, attackers have also changed their tactics, making APIs their prime target. This short video discusses findings from the first industry-specific version of the State of API Security report and draws on a combination of survey responses and empirical data from the Salt Cloud. Key trends revealed by the survey include.
  |  By Salt Security
To understand how the digital-first economy and global trends have impacted the role of the CISO, Salt partnered with the research firm Global Surveys to study 300 worldwide Chief Information Security Officers. This video highlights trends revealed by the survey including: These were just a few of the highlights from our recent state of the CISO survey. We encourage you to download the full report for even more great insights.
  |  By Salt Security
As APIs have become the backbone of modern applications, threat actors are increasingly targeting them. Whether it be to exfiltrate data, take control of critical systems, or disrupt key business services or digital supply chains, threat actors have taken notice—and they see APIs as a prosperous attack vector. In this video, you’ll gain valuable insights into API security and learn proactive measures to safeguard your APIs. By understanding the challenges posed by API attacks, you’ll understand the best strategies to protect your organization.
  |  By Salt Security
Salt Security protects the APIs that form the core of every modern application. Its patented API Protection Platform is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and shift-left practices.
  |  By Salt Security
The 2023 OWASP API Security Top 10 list compiles and explains the most recent and pressing security threats facing today’s complex API ecosystem. As part of the committee that defined this industry-framing list, Salt gives you an insider view into the categories and how those embarking on their API security journey can most effectively address the critical vulnerabilities raised.
  |  By Salt Security
API attacks are on the rise, and WAFs and gateways cannot stop them. A few highlights from our latest Salt Labs report on API security: Download the report now to benchmark yourself and use the findings to improve API security for your company.
  |  By Salt Security
API Security for Dummies walks you through how application architecture has evolved, why apps are built on APIs now, the security risk APIs present, and best practices for securing APIs. This eBook: Download this eBook to learn the most critical elements of API security and ten prioritized steps you can follow now to start securing APIs for your organization.
  |  By Salt Security
Securing your APIs is no longer a luxury, but it shouldn't be viewed as just a necessary burden either. Protecting your APIs opens the door to real business value including: Download this eBook to explore the business results customers are uncovering as they embark on their API security journey and how to quantify the value of API security in your organization.
  |  By Salt Security
API attacks include many of the tactics, techniques, and procedures (TTPs) identified in the MITRE ATT&CK framework. This white paper analyzes and maps three common API attack scenarios to the TTPs found in the MITRE Enterprise Matrix. By understanding how the MITRE ATT&CK TTPs relate to API security threats, security leaders can: Download now to learn how to defend against API attacks by leveraging this well-known security framework.
  |  By Salt Security
API security has emerged as a key priority for protecting vital data and services. It's also an area where many companies lack expertise. Salt Security has compiled this list of API security best practices, drawn from field experience and customer feedback, to help guide you on your API security journey. These API security best practices fall into multiple focus areas, including: Download this guide to obtain a comprehensive list of best practices and guidance to secure your APIs throughout their lifecycle.
  |  By Salt Security
With API attacks on the rise, and existing security technology proving to be ineffective at stopping API attacks, organizations need to take a new approach. API security offerings must provide a range of functionality to be useful to organizations, including: Download this white paper to improve awareness of what it takes to adequately secure APIs, how to evaluate a given API security offering, and what API security capabilities are necessary to protect your business.

The leading API security company, providing the context needed to discover APIs, stop attacks, and remediate vulnerabilities to accelerate business innovation.

By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and shift-left practices. Deployed quickly and seamlessly integrated within existing systems, the Salt Security platform gives customers immediate value and protection, so they can innovate with confidence and accelerate their digital transformation initiatives.

Complete API security for complete protection:

  • Discover all your APIs: Continuously inventory all your APIs, including shadow and zombie APIs.
  • Prevent sensitive data exposure: Identify the APIs that are exposing PII or other sensitive data.
  • Stop API attacks: Correlate activity to block attackers during reconnaissance.
  • Prevent ATO, Data Exfiltration: Thwart credential stuffing, account takeover, and data theft attacks.
  • “Shift left” with proactive API security Test APIs in pre-production to identify and eliminate vulnerabilities.
  • Accelerate incident response: Reduce the time needed to understand and resolve incidents.
  • Provide remediation insights: Share learnings from runtime analysis with dev teams to harden APIs.
  • Simplify compliance: Tie your API and sensitive data discovery and vulnerability remediation into GRC workflows.

The rich API context you need for robust discovery, attack prevention, and shift left.