Published on: Nov 30, 2022
Wib, the fast-growing cybersecurity startup pioneering a new era in API security, today announced an industry-first API PenTesting-as-a-Service (PTaaS) designed to help organizations proactively cover the latest PCI-DSS 4.0 mandates for testing application security, APIs, and vulnerabilities in Business Logic.
According to Gartner, 90% of web-enabled applications will expose more attack surface via APIs than in the user interface (UI), and API abuses will become the most-frequent attack vector. In recognition of this changing attack landscape, Wib's PTaaS solution supports the evolving requirements for frameworks such as PCI DSS as they adapt to the realities of modern web security, where API traffic is already 91% of web traffic, but API coverage in penetration testing is often lacking.
For organizations covered by PCI-DSS' strict requirements for application penetration testing, which as of version 4.0 specifically includes API abuse and attacks on business logic, Wib's unique offering provides on-demand API Pen Testing specifically designed to provide solid validation of API security posture to support assertions of compliance for PCI and other frameworks and regulations such as GDPR, CCPA, SOC-2, ISO, NIST, and others.
Wib is uniquely positioned to spearhead this innovative approach. Utilizing the skill of Wib's Offensive Security team, Wib will deliver 'inception to report' in just three weeks, including:
- Full assessment report of all identified vulnerabilities
- A risk severity score, based on the NIST cyber matrix calculator
- Contextual remediation report for all vulnerabilities that have been found
- Remediation road map plan with implementation suggestions, as well as post-remediation validation as required by PCI standards
- Dedicated training and consultancy session with Wib's Security Specialists
Wib's ground-breaking service is designed to be unintrusive and hassle-free for customers as Wib simulates attacks against their APIs without ever having to connect to their systems, and when combined with the Wib platform, is the only offering that provides complete visibility, an automatic inventory, auto-generated API documentation, and simulated attacks against test and/or production systems. Wib's unique and holistic approach is the only way to truly protect your API ecosystem all the way from your source code, through production traffic, to professionally validated attacks on your API business logic from a professional API hacker's perspective from the outside.
"We've always said that your defense should be informed by the offense, and with Wib's world-leading team of API Penetration Testers, we're uniquely positioned to provide validation of the security posture of APIs and the applications that use them from the same lens as the external attacker," adds Chuck Herrin, CTO of Wib. "That is a critical piece we often find missing, and our team is built to fill this gap so our customers can find, understand and protect their APIs as they race to secure their evolving attack surface. Our goal is to make it safe to innovate and help our customers ensure the security, risk, and compliance of the API ecosystems powering their business."