With the adoption of microservices-based architectures, APIs (Application Programming Interfaces) are becoming a critical part of technology stacks of enterprises worldwide. Increased adoption of AI will further accelerate this momentum allowing enterprises to seamlessly interact with customers, partners, and vendors. Today, there are over 120 million APIs in use and this number will only grow exponentially.
The proliferation of APIs by development teams worldwide has come with its own set of security challenges for enterprises. The scale and pace of API adoption have been faster than what CISOs and security teams have been able to keep pace with. Coupled with the sheer volume and pace of API development is the increasingly complex and open environment which invites multiple attack vectors. As per Gartner, by 2025, less than 50% of enterprise APIs will be managed securely.
Security teams at most enterprises are still approaching API security like they would approach legacy application environments. An approach that does not scale and creates a large number of false positives, overwhelming App Sec teams in the process. These developments require a revisit to the API security approach.
A ’Shift-left approach’ to API security could be a potential answer to growing API security concerns. The practice of incorporating security measures earlier in the software development lifecycle (SDLC) rather than implementing them as an afterthought, typically during the later stages of development or deployment phase, can reduce the potential impact and cost of addressing security flaws at a later stage and allow security teams to be more efficient.
DVC firmly believes in this ‘build secure’ approach to API security, where developers will have an increased role in creating secure APIs while working in close collaboration with the security teams. This calls for a new approach to API security as we know it. This is why we are excited to invest in Pynt, which is taking an innovative approach with its automated security testing solution that makes it easy for non-security experts such as developers to incorporate security testing into their existing workflows.
Pynt offers a free community version of its API security testing tool that helps developers and testers identify and fix security vulnerabilities in their APIs. It provides comprehensive coverage of attack categories such as the OWASP Top 10 list among others. Importantly, Pynt has embedded integrations into popular API development tools and CI/CD pipelines to create fully automated API security for developers resulting in rapid adoption by developers.
Pynt’s AI-powered testing engine analyzes the application context and the business logic behind the APIs by scrutinizing traffic from the user’s functional tests or any other traffic source, analyzing response payloads, and building relevant attack scenarios dynamically, thus acting like an autopilot for dynamic API testing. We believe a tool like Pynt has the potential to drive behavioral changes in how developers look at API security.
Pynt’s momentum and traction have been nothing short of spectacular. In less than 6 months of being available, its free community version is ranked [#1] on the Postman API Network and over 2000 developers from more than 300 enterprises around the world downloaded and used Pynt.
Impressively, this traction has happened entirely organically through positive user testimonials and rave reviews on Slack, YouTube, and LinkedIn by popular developer influencers. Pynt has a very developer-centric culture and continues to innovate by adding additional features and has a huge early mover advantage that it intends to grow over time.
In addition, Pynt recently introduced the enterprise edition in collaboration with strategic design partners. Building on the strengths of the free community version, the enterprise edition will focus on team collaboration and will be positioned to act as a control in command for security owners, allowing them to get full visibility of API security gaps from dev to prod. The enterprise version will also provide security & risk dashboards and enforce policy rules for improved compliance readiness, as the widespread adoption of Pynt at the organizational level picks pace.
The founding team of Pynt is based out of Israel and comprises Tzvika Shneider, Ori Goldberg, Ofer Hakimi, and Golan Yosef, all of whom have vast experience in offensive cybersecurity, development, and application security, and held leadership roles at Harman Automotive Cybersecurity, Motorola and Radwin. Prior to founding Pynt, the team worked closely at Harman where they built an automotive security solution for developers, thus have a deep understanding of the pain points that they are solving with Pynt.
We at DVC are excited to help accelerate Pynt’s growth through our “DVC Advantage” program. With our decades of experience and large advisory network, DVC is able to act as an extension to our portfolio companies’ team across company needs in multiple areas such as product & technology strategy, GTM strategy, business development executive mentorship, corporate governance, and talent acquisition.
Comentarii