See What Attackers See: Salt Security Unleashes Salt Surface to Reveal Hidden API Risks

New assessment tool discovers and catalogues an organization’s complete API inventory, including the shadow, zombie, and unprotected APIs that leave data exposed.

Salt Security, the leader in API security, today announced the launch of Salt Surface, a new capability integrated into its industry-leading API Protection Platform. Salt Surface provides organizations with a comprehensive API attack surface assessment, delivering an attacker’s-eye view of their public-facing APIs to uncover specific, actionable risks before they can be exploited.

Salt Surface is an active reconnaissance tool meticulously designed to mimic the tactics and techniques used by advanced API attackers. Its primary purpose is to help organizations proactively identify, validate, and understand the risks associated with their exposed API endpoints. Unlike traditional passive discovery methods that rely solely on observing existing API traffic, Salt Surface employs active discovery techniques, uncovering hidden, unmonitored, and forgotten APIs, creating a highly accurate evaluation of an organization’s current external attack surface.

The technology is powered by the continuous expertise and cutting-edge research from Salt Labs, a recognized leader in the API security research field. This ensures that Salt Surface’s discovery techniques stay current with the latest tactics employed by attackers. While competing tools often provide large volumes of unrelated or low-context data, Salt Surface focuses on delivering relevant, actionable intelligence.

Salt Surface provides a multi-faceted approach to discovering risks and reducing an organization’s API attack surface. This includes:

• Comprehensive API Discovery: Salt Surface actively researches all of an organization’s internet-facing API assets, thoroughly examining domains and subdomains to pinpoint every potential API endpoint. This process enables teams to uncover shadow and zombie endpoints that might otherwise be overlooked by methods that only see existing traffic.
• Vulnerability and Misconfiguration Detection: The scan is highly effective at identifying critical security risks associated with discovered APIs. It detects common and severe misconfigurations, highlights potential vulnerabilities, and finds instances of sensitive data exposure.
• Proactive Posture Governance:Findings from Salt Surface are automatically evaluated against a robust set of posture governance policies built specifically for externally discovered assets. This provides instant insight into security gaps and policy violations without requiring a single log or traffic sensor to be deployed.
• Actionable Assessment Reporting:All discoveries, risks, and policy violations are compiled into a single, consolidated, and evidence-based assessment report. This report is designed to be highly actionable, providing security teams with the clear, prioritized information they need to address vulnerabilities effectively.

“Being proactive is no longer optional in API security; it’s mission-critical,” said Roey Eliyahu, CEO and co-founder of Salt Security. “Salt Surface gives organizations that proactive edge. It provides the actionable context needed to see their APIs through an attacker’s lens and fix security gaps before they are discovered and exploited.”

Salt Security secures the APIs that power today’s digital businesses. Salt delivers the fastest API discovery in the industry—surfacing shadow, zombie, and unknown APIs before attackers find them. The company’s posture governance engine and centralized Policy Hub automate security checks and enforce safe API development at scale. With built-in rules and customizable policies, Salt makes it easy to stay ahead of compliance and reduce API risk. Salt also uses machine learning and AI to detect threats early, giving companies a critical advantage against today’s sophisticated API attacks.

Credit: Sully Ben-Arie