Cequence Security, an API security company, has introduced generative AI and no-code security automation to enhance its API protection platform. This update aims to assist organizations in conducting security testing and reporting, addressing the growing demand for API security among Chief Information Security Officers (CISOs).
According to IDC, APIs enable up to 50% of enterprises’ revenues, underscoring the importance of API security. With the integration of generative AI, Cequence’s Unified API Protection (UAP) platform allows security teams to generate API Security Test Plans using plain English. By leveraging the power of AI, UAP’s Intelligent Mode automatically matches the appropriate APIs with the relevant test cases based on the API’s functionality.
Cequence provided an example in its blog post to illustrate the capabilities of its generative AI. Security analysts can simply state, “Generate a test plan for my Payments API to ensure PCI data compliance,” and the platform will automatically examine the Payment API endpoints and payload characteristics to associate the relevant test cases. This functionality significantly reduces the time required to create a test plan, streamlining the process from months to minutes.
In addition to generative AI, Cequence’s platform offers low-code/no-code tools that allow security analysts to establish connections between various third-party applications. This enables the implementation of an API security orchestration and response workflow. For instance, analysts can create a workflow within Cequence to log a JIRA ticket upon detecting sensitive data exposure from a shadow API. Subsequently, access to the API can be automatically restricted to internal applications only, followed by an email alert to the relevant developer or business owner regarding the issue.
The platform update also includes the addition of new test cases for the latest OWASP API Top 10 2023 to the test catalog. This ensures that organizations can stay ahead of emerging threats and vulnerabilities in the API landscape. Furthermore, Cequence’s platform now allows API tests to be conducted outside of CI/CD pipelines, enabling direct testing against staging and production servers. This feature provides flexibility and convenience for security teams, facilitating more comprehensive evaluations of API performance and integrity.
By leveraging generative AI and no-code security automation, Cequence Security aims to empower organizations to effectively and efficiently manage API security. The integration of these advanced technologies streamlines the process of creating test plans, enhances security testing capabilities, and enables faster response and remediation workflows. With the increasing reliance on APIs for business operations, organizations can leverage Cequence’s updated platform to strengthen their security posture and protect their revenue streams.