Salt launches STEP program to enhance API security for enterprises

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


Salt Security has launched an initiative to help enterprises significantly reduce risk across their API ecosystem.

The STEP (Salt Technical Ecosystem Partner) program encompasses the integration of AI-driven API security insights into existing workflows and tools within organisations. This integration empowers joint customers to bolster their security posture using the Salt Security API Protection Platform.

Salt has introduced STEP’s inaugural partners, focusing on API testing solutions. Among these partners are Bright Security, Invicti Security, StackHawk, and Contrast Security—leaders in dynamic application security testing (DAST) and interactive application security testing (IAST).

These partnerships offer pre-built integrations, allowing organisations to seamlessly deploy and:

  • Adopt a risk-based approach for API testing: By bridging the gap between cloud and code, organisations can prioritise sensitive data and minimise vulnerabilities.
  • Expand surface coverage to minimise risk: Leveraging Salt’s comprehensive and up-to-date API inventory combined with vulnerability prioritisation from testing partners leads to enhanced risk reduction.
  • Elevate testing quality: Organisations can harness the power of best-of-breed testing capabilities spanning various domains, from OWASP and MITRE to business logic, SQLi, XSS, and SSRF.
  • Enhance DevOps and DevSecOps efficiency: Existing testing technologies can be seamlessly integrated into development pipelines, minimising friction for teams.
  • Accelerate time-to-value: By integrating with integrated development environments (IDEs) and software pipeline tools, organisations can expedite their processes.
  • Improve efficiencies: Context-rich OpenAPI Specification (OAS) files are automatically updated in real-time, streamlining testing efforts and prioritisation.
  • Boost R&D velocity: Focusing on priority APIs, such as external APIs or those containing Personally Identifiable Information (PII), helps to accelerate development efforts.

The STEP program extends beyond testing, as Salt has also actively integrated with other API ecosystem technologies, including Web Application Firewalls (WAFs), API gateways, and cloud security providers. This initiative includes the joint development of integrations with partners and the publication of APIs to facilitate quick access to valuable API data from the Salt system.

Roey Eliyahu, CEO and co-founder of Salt Security, said:

“Salt has taken a unique approach to solving the broad and serious challenge of securing APIs.

Our deep API context offers the industry’s richest API discovery and runtime protection, and now we’re extending that adaptive intelligence to our partners’ best-of-breed solutions, providing our customers with unparalleled API security. 

Embracing a “best of breed” approach, the STEP program ensures that enterprises benefit from industry-leading API security capabilities throughout the lifecycle. Recognising that no single company can fully secure APIs across all disciplines, the integrations stemming from this program aim to provide customers with highly capable, easy-to-deploy, and effective API protection solutions.

Joni Klippert, CEO of StackHawk, said:

“Given the explosive growth of API development, it’s imperative that teams prioritise and automate security testing for their APIs and do so in a way that seamlessly integrates with developer workflows.

As part of the Salt STEP program, StackHawk is excited to bring the most developer-focused and comprehensive API security testing solution to help organisations deliver secure code rapidly.

Together, Salt and StackHawk empower organisations with the most robust end-to-end API security experience to build secure software quickly, monitor and respond to attacks, and incorporate that feedback into the building and testing of software development.”

The urgency of API security has been underscored by the increase in API-related threats and vulnerabilities.

The 2023 State of API Security report indicates that 94 percent of organisations encountered security issues in their production APIs in the past year. Furthermore, the escalating costs of security breaches, which stand at $6.1 million on average, are predicted to rise to nearly $14.5 million by 2030.

Gadi Bashvitz, CEO of Bright Security, commented:

“By leveraging the intelligence derived from Salt, application security (AppSec) and development teams are equipped to significantly improve their organisations’ API security posture.

AppSec can provide governance for the AppSec program, and development teams can detect and remediate vulnerabilities early in the development lifecycle.” 

With Salt Security’s STEP program, enterprises are set to benefit from a robust and comprehensive solution to tackle the evolving challenges of API threats and vulnerabilities.

(Photo by Chang Duong on Unsplash)

See also: Mathew Payne, GitHub: Protecting code while nurturing user experience

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with Digital Transformation Week.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *