In July, ForAllSecure announced the newest addition to our product portfolio, Mayhem for API. Up and running in just five minutes, Mayhem for API is an easy-to-use API testing solution that maintains an organization’s velocity by combining API performance, reliability and security results through continuous testing practices. Reinforced by OWASP’s Top 10 Web Application Security Risks, Mayhem for API uses fuzz testing to secure APIs from SQL injections, command injections, authentication bypasses, server side request forgeries, and DoS attacks.
In a recent study, 83% of organizations consider API integration a critical part of their business strategy, driven by digital transformation initiatives and cloud application adoption. As organizations adopt these strategies to deliver faster value to customers, there has been an exponential reliance on microservices. This has led to greater diligence on validating API performance, reliability, and security. APIs that are broken, exposed, or hacked can expose sensitive data. Gartner predicts that API attacks will become the most frequent vector for cyberattacks by 2022.
“APIs are a critical part of Roblox’s modern application architecture, and we wanted a single solution that would conduct unit testing, regression testing, and non-deterministic testing. Mayhem for API delivered on that,” said Rob Cameron, Senior Technical Director at Roblox.
Mayhem for API brings fuzzing automation technology and ease of use to the realm of API testing, allowing developers to find those hard-to-expose defects that only fuzzers are built to find and other API testing tools are not equipped to provide. Unlike other API testing tools, Mayhem for API uses random testing to incrementally build test cases that explore the API’s behaviors, and exercise edge cases in the code.
“Mayhem for API was designed with simplicity in mind,” said Alex Rebert, Head of Innovation at ForAllSecure. “We’re seeing users find bugs in their APIs about 5 minutes after downloading the tool. Once they see that value, our focus on simplicity allows them to apply the tool organization-wide within days.”
Mayhem for API is available today with a 30 day free trial. More information here.