SmartBear Software wants to make sure that as APIs are adopted, the amount of potential risks doesn’t increase. The company recently announced Ready API Secure Pro, a new automated approach to API security testing designed to cover common risks of modern REST and traditional SOAP Web services.

“The epic growth of APIs in the past five years represents an equal increase in surface area for potential attack,” said Paul Bruce, API product marketing manager at SmartBear. “More specifically, REST services go largely untested when it comes to deep functional accuracy and security. To help people deliver safe, reliable experiences on time, SmartBear extended its existing security testing features into the RESTful space to provide a comprehensive API readiness strategy.”

Ready API Secure Pro aims to provide development and test teams a cost-effective and fast way to scan APIs for any security errors earlier and more often in the life cycle. According to Bruce, APIs are inherently not safe, and testing can become complicated when teams are under pressure to deliver rapidly.

“Anything that can automate and simplify those logistics is a dead win for software teams under limited timeframes,” he said. “Ready API does this for functional, load, and now security testing so that teams can address each of the aspects of quality in their APIs pre-rollout, and deliver great experiences with confidence.”

Key features, according to SmartBear, include:

  • The ability to run threat analyses over REST and SOAP Web services to identify common security problems
  • The ability to analyze patterns of API communication and review suggestions on corrective actions
  • The ability to scan Web services for non-API security considerations such as sensitive file exposure
  • The ability to run security scans over either a single request or multi-step transactions
  • The ability to ensure APIs work properly, are safe, and achieve high performance and scalability goals.

In addition, Ready API Secure Pro also provides test results that can be interpreted by security and non-security experts.

“No other security tool address API-specific formats or exploits, which causes people to spend an inordinate amount of time manually building out tests from scratch,” said Bruce. “Ready API Secure Pro dramatically simplifies this process with wizards by repurposing functional tests as the basis for security scans.”

More information is available here.