Subscribe to the Salt blog to learn about the latest developments in API Security

Do I know where all of my APIs are?

This is the most fundamental question in API Security. Salt automatically and continuously discovers all APIs, capturing granular details about them including where sensitive data resides, to help you eliminate blind spots, assess risk, and manage API sprawl with our industry-leading posture governance engine.

See Salt in actionExplore resources
Carrefour
Cathay Bank
Kingston Technology
Stryker
Vermeer
Hyundai
Finastra
Armis
Telefonica Brasil
Jemena
Mail Boxes Etc.
Coralogix
Augmedix

It all starts with discovery.

It’s eye opening to know how many APIs you deal with, and more importantly, how many have serious security flaws. Many organizations know about only a fraction of their APIs. Salt helps you start your API Security journey with extensive and continuous API discovery.

Learn more
01

01 Advanced API Discovery

Eliminate blind spots by automatically and continuously discovering all internal, external and third-party APIs.

  • API details exposed. Granular details such as parameters, usage patterns, risk scores and sensitive data exposure that help you understand your attack surface and assess risk.
  • Context-rich insights. Salt delivers the most detailed, context-rich filtering and querying available, enabling organizations to gain custom insights into their APIs.
  • Discovery insights that drive governance. Use insights to derive and customize posture governance policies with Salt's industry-first API Posture Governance engine.
  • No documentation? No Problem. APIs not in your gateway or documented in an OpenAPI Specification (aka Swagger)? No problem.  Salt will still find them and add them to your library.
02

02 Find Shadow and Zombie APIs

Deprecated, unknown and shadow APIs represent a significant risk to organizations.

  • Gain visibility.  Shadow and zombie APIs typically represent anywhere from 40% to 800% of the total APIs organizations thought they had or what is noted in their documentation.
  • Protect sensitive data. PII and other sensitive data can be exposed inadvertently through APIs not on your radar and increase risk dramatically.
  • Keep documentation current. By continuously discovering your APIs, you can compare with your current documentation to ensure it's always accurate.
03

03Identify and Minimize API Risk

Continuously monitor API traffic and behavior to detect anomalies and potential threats

  • Risk Assessment. Evaluate the potential risks associated with each API, such as vulnerabilities, misconfigurations and sensitive data exposure.
  • Compliance. Ensure that APIs comply with relevant regulations and industry standards, such as GDPR, HIPAA and PCI DSS.
  • Policy Enforcement. Implementing and enforcing policies that define acceptable API behavior and access controls.

Lessons from the 
FinTech Trenches Securing APIs at Finastra.

“Salt is essentially fully automated and almost autonomous deployment.”

—Nir Valtman, Head of Product and Data Security, Finastra

Read the blog

Not sure how to best secure your APIs?

Take this 2 minute quiz to understand where to start and get access to the most relevant material for you.

Take the quiz

What API security technology are you using?

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

What is your industry?

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Do you have an API governance program in place?

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

What stage of the process are you in?

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Here are some resources to get you started on your API security journey:

Top 6 API Security Questions Answered
API Security Checklist
API Security for Dummies
Industry-First API Security Posture Governance Engine
API9:2023 Improper Inventory Management
Jemena Case Study
Xolv Case Study
Kingston Case Study
Berkshire Bank Case Study
DeinDeal Case Study
API Gateway Security: What is it and is it Enough?
API Security 101: API Security Strategy and Fundamentals Guide
API Gateway Security: What is it and is it Enough?
Analysis of Recent SQLi WAF Bypass Attack

Back

Next

Want to see the Salt platform in action?

Learn how Salt Security's leading API security platform can provide complete Posture Governance and API Behavioral Threat Protection.

See it in actionLearn More

Get the latest API security research and see how you compare

Get the report
Back