SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Qualys unveils AI-powered API security in new WAS upgrade

Thu, 25th Jul 2024

Qualys has introduced enhanced Web Application Scanning (WAS) capabilities, incorporating advanced API security features powered by artificial intelligence. The new functionality aims to address the complex challenges of securing web applications and APIs in modern digital environments, covering a broad spectrum of attack surfaces including on-premises web servers, databases, hybrid and multi-cloud environments, API gateways, containerised architectures and microservices.

The company has also launched an API Security Beta Program, offering organisations, both existing and new users, a no-cost, 30-day trial of its updated Web Application Scanning capabilities. This initiative is intended to provide early access to the new features and help companies better secure their web infrastructure.

"APIs are vital for digital transformation, and are widespread, constituting over 83% of web traffic. They also massively expand a company’s attack surface. While many Australian businesses are now aware of this risk due to recent high profile breaches, a significant number still don’t know how many APIs they have exposed online," stated Sam Salehi, managing director for ANZ at Qualys.

Salehi emphasised the necessity of robust API security for Australian businesses. "Robust API security is a must-have for Australian businesses to ensure that they both protect sensitive data and comply with regulations like the Privacy Act and those governing critical infrastructure. Our new functionality offers real-time discovery and monitoring, providing a unified view of API risks, ensuring robust protection and faster response times."

The new API security features introduced by Qualys are designed to enhance measurement, communication and mitigation of API risks. Key functionalities include:

Unified View of API Risks: The platform provides a comprehensive view of API security by discovering and monitoring every API asset across diverse environments, facilitating better decision-making and quicker response times.

Effective Communication of API Risks: Continuous vulnerability testing using over 200 prebuilt signatures helps detect critical vulnerabilities. This includes addressing Open Worldwide Application Security Project (OWASP) API Top 10 vulnerabilities and exposures relating to personally identifiable information (PII) and sensitive data. AI-assisted clustering achieves a 96% detection rate and reduces scan time by 80%. It also helps identify any documentation drifts as per OpenAPI v3 specifications, communicating these changes in a clear manner.

Elimination of API Risks: Leveraging Qualys' proprietary TruRisk scoring system, the platform prioritises risks to ensure that the most critical vulnerabilities are tackled first. Integrated workflows support both Shift-Left and Shift-Right practices, aiming to bridge the gap between IT and security teams, thereby promoting seamless collaboration and improving operational efficiency.

These advanced features aim to provide organisations with enhanced security measures to protect against increasingly sophisticated cyber threats. Qualys' AI-powered API security is positioned to offer a significant upgrade for businesses seeking to secure their digital transformation efforts.
