Data Theorem released a new full-stack security analyzer called Web Secure. It is designed to provide vulnerability analysis for modern web applications from the web layer down to its embedded APIs and cloud resources.
According to the company, the analyzer was built for DevOps and security teams to improve web application security testing, and help identify and remediate potential data breaches in modern web applications, also known as Single-Page Applications (SPAs).
“The current generation of web security tools are poorly suited to address these newer application frameworks, APIs and cloud microservices that are the underpinnings of these modern applications,” Data Theorem stated in a post. “Data Theorem’s Web Secure was designed specifically to help customers secure their modern web applications.”
The solution contains a new type of dynamic and run-time analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation of their modern web applications.
The new release also expands the SPA features the company released in September 2019 with several new automated hacking security toolkits that help customers understand the impact of vulnerabilities and exploits throughout the whole application stack. SPA SQL injection, SPA XSS protection and Toxic Tokens are among the vulnerabilities that Web Secure actively seeks to remediate.
“By 2021, 90 percent of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the user interface, an increase from 40 percent in 2019. API discovery is key to knowing what APIs exist,” Gartner stated in a post.
Data Theorem noticed organizations often turned to a variety of traditional tools, scanners and web crawlers for mobile applications and APIs, which has not kept pace with Agile SDLC speed.
Web Secure helps to round out Data Theorem’s AppSec portfolio to protect organizations from data breaches with application security protection for modern web frameworks, API-driven microservices and cloud resources, according to the company.