Traceable AI launches API testing product for its security platform
Traceable AI today announced the general availability of xAST, an API security testing solution, as part of its API security platform. The new feature set, after extensive beta testing with some of the company’s largest customers, is available for immediate use and builds on Traceable’s existing risk visibility and analytics capabilities.
The idea is to reduce the impact of potential API vulnerabilities early in the software development process, making it easier to actively test an API after it has gone through development but before it goes into production. Traceable uses an “in-app” approach to API testing, which means it observes software behavior while it is running, as opposed to the “contract” model, which simply analyzes the behaviors an API should exhibit.
“Distributed monitoring” approach to API observability
According to Omdia senior analyst Rik Turner, this approach is more computationally intensive, but could provide a better window into the security, or lack of security, of a given piece of software. “In particular, Traceable says its ‘distributed tracking’ approach to API observability is a key differentiator,” he said. “Not only is it a form of tracing specifically suited to microservices architectures, but it allows Traceable to observe every request passing through the system from start to finish, and can be used to improve performance and understand typical behavior.”
Another key benefit, according to Traceable, is the speed and integration of the testing process: analyzing APIs using xAST shouldn’t change “dev-release cadences,” the company said, which should help prevent the testing process from being a hindrance.
The xAST system provides output in the form of an analysis summary, comparing vulnerabilities against the OWASP Top 10 list, looking for data exposure, misconfigurations, permission issues, and known issues like Log4Shell. It’s a pretty groundbreaking new development, according to Turner, who said Traceable is “definitely onto something.”
“They initially came to market with only the in-app observability approach, which they claim is superior, but have since been replaced by out-of-band observation at the request of major customers,” said Turner. “Still, if they can nudge more customers towards the integrated approach, I think they will see huge adoption and force other vendors to at least pay attention to what they are doing and look to emulate.”
According to Traceable, xAST functionality is available at no additional cost to any Traceable customer currently using the company’s API catalog, although the company plans to release it as a standalone product if demand is deemed sufficient.
Copyright © 2022 IDG Communications, Inc.