Salt Security

Palo Alto, CA, USA
2016
  |  By Eric Schwake
APIs are essential for modern digital business operations, enabling smooth connectivity and data exchange between applications. However, the growing dependence on APIs has unintentionally widened the attack surface, making strong API security a vital concern for organizations. Traditional security measures often prove inadequate in effectively safeguarding this changing landscape.
  |  By Michael Callahan
In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like assuming a bouncer can stop someone sneaking in through a side door or an open window.
  |  By Eric Schwake
Let’s be honest: APIs are the unsung heroes of the modern business world. They work silently behind the scenes, connecting applications, driving innovations, and ensuring your digital transformation stays on track. However, there’s a crucial downside: APIs can pose a significant security risk. They can be likened to unlocked doors leading to your sensitive data and essential business functions—an ideal target for hackers.
  |  By Eric Schwake
Black Friday may be the pinnacle of the holiday shopping season, a day when online retailers experience unprecedented traffic and revenue opportunities as consumers kick off the Christmas season. For many retailers, it’s a make-or-break event. Yet, with increased traffic comes increased risk, particularly as it relates to cybersecurity and keeping shoppers safe from fraud stemming from a cyberattack on their favorite digital store.
  |  By Eric Schwake
The transportation sector is undergoing a digital revolution, from railways to aviation and trucking. APIs are at the heart of this transformation, particularly for airlines. Airlines utilize APIs to integrate internal systems with vital services such as booking platforms, check-in services, real-time flight updates, communication with customs agencies, and baggage handling.
  |  By Alexandria Nicosia
The retail industry’s digital transformation has made secure APIs essential to modern operations since they are at the core of this shift. APIs power everything from e-commerce platforms and mobile shopping apps to inventory management, point-of-sale systems, and personalized customer experiences. They help retailers stay agile in a fast-paced market by enabling seamless data exchange and streamlining processes.
  |  By Eric Schwake
As organizations adopt more modern application strategies, APIs are increasingly important for enabling seamless communication and data exchange. However, this interconnectedness also introduces more significant security risks. APIs are gateways to sensitive information, making them prime targets for attackers. This can result in data breaches, business disruptions, and reputational damage.
  |  By Eric Schwake
In the wake of Cisco’s recent data breach involving exposed API tokens - amongst other sensitive information - the cybersecurity community is reminded once again of the significant risks associated with unsecured APIs. Though Cisco has asserted that the damage was limited to a public-facing environment, such breaches demand a more cautious evaluation. Exposing sensitive information like API tokens, credentials, and even source code can have broader security implications than initially apparent.
  |  By Eric Schwake
In 2024, healthcare organizations face heightened security challenges, mainly as they increasingly rely on Application Programming Interfaces (APIs) to support critical functions. APIs have become indispensable in driving digital transformation and improving operational efficiencies across healthcare systems. However, the rising complexity and volume of APIs, alongside insufficient security practices, have created a vulnerable environment ripe for exploitation.
  |  By Eric Schwake
API security has become a critical focus for organizations in the technology sector as the reliance on APIs (Application Programming Interfaces) continues to grow rapidly. APIs are the foundation of modern applications, facilitating communication between software systems, integrating services, and driving innovation. However, as the use of APIs expands, so do the associated security risks.
  |  By Salt Security
Continuing the API security journey with Episode 4 of Founder’s Corner! Join Salt’s CEO, Roey Eliyahu, and CMO, Michael Callahan, in their deep dive into the topic of Posture Governance. Be proactive in your API Security.
  |  By Salt Security
Welcome to Episode Three of Salt Security’s Podcast Series: Founder’s Corner Salt’s CEO and Co-founder, Roey Eliyahu, talks with Salt’s CMO, Michael Callahan, about the first step of the customer journey in API Security: Discovery (also known as the crawl stage). They dive into topics around Discovery (as well as Salt’s phases of Discovery), Data Security, Shadow and Zombie APIs, GenAI, and how Salt is utilizing AI.
  |  By Salt Security
Welcome to Episode Two of Salt Security’s Podcast Series: Founder’s Corner This episode features Salt's COO and Co-founder, Michael Nicosia, as he defines the main steps of the customer journey in API Security. Hosted by Salt’s CMO, Michael Callahan.
  |  By Salt Security
The Salt 360 platform is the only Al-infused protection for the entire API lifecycle - from discovery to posture governance to threat.
  |  By Salt Security
Welcome to Episode One of Salt Security’s New Series: Founder’s Corner This series will share insights and conversations from founders on markets, technology, trends, and other interesting topics of the day. Starting off the series with Salt’s Co-Founders, Roey Eliyahu and Michael Nicosia, as they talk about how they became founders, what inspired them to start Salt Security, where the name came from, and the future of API Security.
  |  By Salt Security
Join Nick Rago (VP of Product Strategy at Salt Security) and Claudio Acquaviva (Software Architect of Kong Inc.) in this informative webinar (live April 11). They discuss what being API-first really means, the essentials to success, and walkthrough the lifecycle of an API from design to deployment and how combining Salt Security with Kong through that API lifecycle can help provide a risk-free API-first journey.
  |  By Salt Security
As organizations increasingly embrace APIs, a new challenge has emerged - the complexity of managing, securing, and understanding the sprawling API landscape within an organization. To tackle these concerns head-on, Salt Security has pioneered the industry's first API posture governance engine and a suite of advanced capabilities designed to bring clarity, security, and efficiency to your API ecosystem.
  |  By Salt Security
We’re all in this together, which is why awareness about APIs and connecting with one another is crucial to cyber security. Salt Security has recently announced our Salt Technical Ecosystem Partner Program which can help demonstrate the role of application security testing when it comes to API security and where it fits in a good API security program.
  |  By Salt Security
This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.
  |  By Salt Security
API attacks are on the rise, and WAFs and gateways cannot stop them. A few highlights from our latest Salt Labs report on API security: Download the report now to benchmark yourself and use the findings to improve API security for your company.
  |  By Salt Security
API Security for Dummies walks you through how application architecture has evolved, why apps are built on APIs now, the security risk APIs present, and best practices for securing APIs. This eBook: Download this eBook to learn the most critical elements of API security and ten prioritized steps you can follow now to start securing APIs for your organization.
  |  By Salt Security
Securing your APIs is no longer a luxury, but it shouldn't be viewed as just a necessary burden either. Protecting your APIs opens the door to real business value including: Download this eBook to explore the business results customers are uncovering as they embark on their API security journey and how to quantify the value of API security in your organization.
  |  By Salt Security
API attacks include many of the tactics, techniques, and procedures (TTPs) identified in the MITRE ATT&CK framework. This white paper analyzes and maps three common API attack scenarios to the TTPs found in the MITRE Enterprise Matrix. By understanding how the MITRE ATT&CK TTPs relate to API security threats, security leaders can: Download now to learn how to defend against API attacks by leveraging this well-known security framework.
  |  By Salt Security
With API attacks on the rise, and existing security technology proving to be ineffective at stopping API attacks, organizations need to take a new approach. API security offerings must provide a range of functionality to be useful to organizations, including: Download this white paper to improve awareness of what it takes to adequately secure APIs, how to evaluate a given API security offering, and what API security capabilities are necessary to protect your business.
  |  By Salt Security
API security has emerged as a key priority for protecting vital data and services. It's also an area where many companies lack expertise. Salt Security has compiled this list of API security best practices, drawn from field experience and customer feedback, to help guide you on your API security journey. These API security best practices fall into multiple focus areas, including: Download this guide to obtain a comprehensive list of best practices and guidance to secure your APIs throughout their lifecycle.

The leading API security company, providing the context needed to discover APIs, stop attacks, and remediate vulnerabilities to accelerate business innovation.

By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and shift-left practices. Deployed quickly and seamlessly integrated within existing systems, the Salt Security platform gives customers immediate value and protection, so they can innovate with confidence and accelerate their digital transformation initiatives.

Complete API security for complete protection:

  • Discover all your APIs: Continuously inventory all your APIs, including shadow and zombie APIs.
  • Prevent sensitive data exposure: Identify the APIs that are exposing PII or other sensitive data.
  • Stop API attacks: Correlate activity to block attackers during reconnaissance.
  • Prevent ATO, Data Exfiltration: Thwart credential stuffing, account takeover, and data theft attacks.
  • “Shift left” with proactive API security Test APIs in pre-production to identify and eliminate vulnerabilities.
  • Accelerate incident response: Reduce the time needed to understand and resolve incidents.
  • Provide remediation insights: Share learnings from runtime analysis with dev teams to harden APIs.
  • Simplify compliance: Tie your API and sensitive data discovery and vulnerability remediation into GRC workflows.

The rich API context you need for robust discovery, attack prevention, and shift left.