API security company Cequence Security has updated its API protection platform with generative AI and no-code security automation to help organizations with security testing and reporting, the company said.
IDC estimates that up to 50% of enterprises’ revenues are enabled over application programming interfaces (APIs), making API security a top priority for CISOs, stated Cequence Security in a blog post about the new capabilities. With generative AI, security teams working with Cequence’s Unified API Protection (UAP) platform can generate API Security Test Plans using plain English, the company said. UAP's Intelligent Mode automatically associates the appropriate APIs with the right test cases, based on the functionality of each API.
Cequence gave an example in its blog: Security analysts can say, “Generate a test plan for my Payments API to ensure PCI data compliance,” and the platform will automatically inspect the Payments API endpoints and the payload characteristics to associate the appropriate test cases that would verify that the endpoints are performing as expected.
This functionality reduces the time needed to create a test plan to minutes, rather than months, according to the company.
Security analysts can also use low-code/no-code tools within Cequence to link together multiple third-party connections to implement the equivalent of an API security orchestration and response workflow, the company said. It provided an example of how analysts can create a workflow to log a JIRA ticket when sensitive data exposure is detected from a shadow API, automatically geofence the API so that only internal applications can access it, and then send an email to the relevant developer or business owner alerting them to the issue.
Other updates to the platform include new test cases for the latest OWASP API Top 10 2023 in the test catalog and the ability to run API tests outside of CI/CD pipelines and to test directly against staging and production servers.