Synack Expands Security Platform With Adversarial API Pentesting

Security researchers will handle testing on "headless" API endpoints that lack a user interface and are increasingly exposed to attackers.

October 31, 2022

2 Min Read


REDWOOD CITY, Calif., Oct. 31, 2022 / PRNewswire/ — Synack, the premier security testing platform, has launched an API pentesting capability powered by its global community of elite security researchers. Organizations can now rely on the Synack platform for continuous pentesting coverage across "headless" API endpoints that lack a user interface and are increasingly exposed to attackers.

"Synack's human-led, adversarial approach is ideal for testing APIs that form the backbone of society's digital transformation," said Synack CTO and co-founder Mark Kuhr, a former National Security Agency cybersecurity expert. "We are thrilled to offer customers a unique, scalable way to secure this growing area of their attack surfaces."

Gartner estimates API abuses will be the most common source of data breaches in enterprise web applications this year. Synack enables organizations to verify exploitable API vulnerabilities such as broken authorization and authentication — noted in the OWASP API top 10 — can't be abused by malicious hackers.

"Many organizations are struggling to find the top-tier cyber talent needed to root out API-specific vulnerabilities," said Peter Blanks, Chief Product Officer at Synack. "We're excited to extend our Synack platform to provide human-powered offensive security testing on APIs."

Synack's headless API capability builds on years of API pentesting experience through web and mobile applications. The new platform features allow customers to enter API documentation to guide testing scope and coverage. Next, researchers with the Synack Red Team attempt to exploit API endpoints in the way a real external adversary would.

Of the Synack Red Team's over 1,500 global members, only those with proven API testing skills are activated on API requests, reducing noise. Synack's Special Projects division led over 100 successful pentests against headless APIs in 2022, providing customers with critical proof-of-coverage reports while validating researchers' API expertise.

Vulnerability submissions and testing reports are routed through Synack's Vulnerability Operations team for a rigorous vetting process before being displayed in the platform, minimizing false positives and ensuring high-quality results.

For more information about Synack's API security testing, please visit


Synack's premier on-demand security testing platform harnesses a talented, vetted community of security researchers and smart technology to deliver continuous penetration testing and vulnerability management, with actionable results. We are committed to making the world more secure by closing the cybersecurity skills gap, giving organizations on-demand access to the most trusted security researchers in the world. Headquartered in Silicon Valley with regional teams around the world, Synack protects federal agencies, DoD classified assets and a growing list of Global 2000 customers, uncovering over 13,000 vulnerabilities for clients in 2021 alone. For more information, please visit

SOURCE: Synack

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights