An advanced IAST tool such as Seeker® by Synopsys is unique and useful in securing cloud-native apps. It can detect, test, and validate all the inbound and outbound API calls, whether they are API calls your app declares or callable APIs you are not testing. It also tracks and tests for commonly leveraged serverless functions such as AWS Lambda and Azure Functions without adding scan cycles or friction to the continuous pipeline.
Everything is done autonomously in the background by the tool, while the normal development and QA test workloads are carried out by the teams. DevOps and security teams get a highly interactive and visual map of all the critical and sensitive data flows, including vulnerable paths and potential sensitive data leakage. Development teams get real-time information, from stack traces down to the detailed line of code, as well as remediation guidance.
Unlike traditional dynamic scanners that require API specifications to perform security testing, Seeker IAST does not rely on OpenAPI or Swagger files. Seeker can discover all callable APIs using its instrumentation agents and can generate OpenAPI docs based on Postman or HAR files. It can track and detect all application requests and responses with payloads in JSON, XML, or in newer formats such as GraphQL, gRPC, and Kafka. And it provides a catalog of all the endpoint calls, including untested, callable APIs and URLs.
In addition to Seeker IAST, Synopsys offers complete, end-to-end scanning technologies that help secure your cloud-native applications. Code Sight™ lightweight SAST empowers developers to instantly detect and fix vulnerable code in their IDE. Coverity® static analysis and Black Duck® software composition analysis help secure IaC, containerized apps, and images. Synopsys provides a comprehensive portfolio of app security testing tools and services that can help your teams find and fix critical vulnerabilities such as access and authentication issues, cross-site scripting, and various types of injections quickly and painlessly.
Download the Gartner 2022 “Critical Capabilities for Application Security Testing” report to learn more about the Synopsys portfolio of AST tools and why Synopsys received the highest score for the cloud-native application use case.