API testing tool xAST is now folded into Traceable’s existing suite of API analysis and visibility capabilities.

Traceable AI today announced the general availability of xAST, an API security testing solution, as part of its API Security Platform. The new feature set, after extensive beta testing with some of the company’s larger customers, is available for immediate use, and builds on Traceable’s existing visibility and risk analysis features.

The idea is to reduce the impact of potential API vulnerabilities early in the software development process, by making it easy to actively test an API that has made it through development but before it goes into production. Traceable uses an “in-app” approach to API testing, which means it’s observing the behavior of software while it’s actually running, as opposed to the “contract” model, which merely analyzes which behaviors an API should exhibit.

“Distributed tracking” approach to API observability

According to Omdia principal analyst Rik Turner, this approach is more computationally intensive, but could provide a better window into the security or lack thereof of a given piece of software.

“In particular, Traceable argues that its ‘distributed tracking’ approach to API observability is a key differentiator,” he said. “Not only is it a form of tracing that is specially adapted to microservice architectures, but it allows Traceable to observe each request traveling through the system from its beginning to its end, and can be used to improve performance and understand what typical behavior looks like.”

Another key benefit, according to Traceable, is the speed and integration of the testing process – API scanning using xAST should not change “dev-release cadences,” the company said, which should help keep the testing process from being a roadblock.

The xAST system provides output in the form of a scan summary, comparing vulnerabilities to the OWASP Top 10 list, seeking out data exposure, misconfigurations, authorization problems and known issues like Log4Shell. It’s a fairly groundbreaking new development, according to Turner, who said that Traceable is “definitely onto something.”

“They initially came to market with only the in-app approach to observability, which they continue to argue is superior, but have since backfilled with out-of-band observation at the behest of major customers,” Turner said. “Still, if they can nudge more customers in the direction of the in-app approach, I think they will enjoy considerable uptake and force other vendors to at least pay heed to what they’re doing and seek to emulate.”

According to Traceable, the xAST features are available, without additional charge, to any Traceable customer who is currently using the company’s API catalog, although the company is considering marketing it as a stand-alone product if demand is thought to be sufficient.