New Free Tool From Contrast Security Makes API Security Testing Fast and Easy

Developing secure APIs is crucial, but testing them thoroughly can be time-consuming and difficult without the right tools. A new offering called CodeSec from application security provider Contrast Security aims to make robust API security testing quick, accurate, and accessible to all developers for free. I had the opportunity to catch up with Jeff Williams, CTO at Contrast at Black Hat 2023. Here's what I learned.

CodeSec provides an easy command-line interface to scan APIs and serverless functions written in Java, JavaScript, Python, and .NET. It leverages Contrast's patented demand-driven analysis to deliver results up to 10 times faster than competitors. This allows developers to rapidly identify vulnerabilities in their code before those flaws reach production.

According to Contrast Security, CodeSec achieves industry-leading accuracy by avoiding false positives that waste developers' time. The tool also goes beyond merely flagging issues by providing clear remediation guidance on how to properly fix problems. Prioritizing the highest-risk vulnerabilities enables developers to focus on the most critical security needs first.

The company designed CodeSec to be extremely easy to start using, with frictionless signup via GitHub or Google Accounts. Automating security scans as part of CI/CD pipelines is simple with the GitHub Action provided. Contrast Security says developers can go "from zero to secure" in less than five minutes.

This means developers no longer have an excuse for putting off security testing until late in the development process. With CodeSec, validating APIs and integrations for security vulnerabilities can become a natural part of development right from the start. Finding and fixing issues earlier avoids them snowballing into costly delays down the road.

Rather than relying on open-source security tools, CodeSec delivers enterprise-grade capabilities refined over years of commercial use. Contrast Security already powers application security programs at large companies in healthcare, finance, retail, and other sectors. Now, individual developers can take advantage of the same technology for free.

For developers working on public cloud and serverless functions, CodeSec also provides purpose-built serverless security. This is an emerging requirement as organizations adopt serverless platforms like AWS Lambda more rapidly. Legacy application security tools often lack cloud-native capabilities.

By making enterprise API testing accessible to developers everywhere, CodeSec helps companies build more secure software. Automating security scans enables developers to move fast without compromising quality. And better code means fewer vulnerabilities ultimately reach production systems.

The ability to sign up and immediately start finding problems with fast, accurate scans removes any barrier to making security a priority. CodeSec integrates seamlessly with existing developer workflows while prioritizing results that matter most. For resource-constrained teams, having a free security tool backed by the expertise of Contrast Security is a major advantage.

In summary, CodeSec brings highly capable API and serverless security testing to developers' fingertips. By providing proactive security guidance and integrating security into development pipelines, Contrast Security lives up to its mission of helping developers "secure as they code.” Download CodeSec today to start making your applications more secure right away.

Key Takeaways

Here are some of the key takeaways about CodeSec for developers and security professionals:

• CodeSec provides free enterprise-grade API and serverless security testing capabilities.
• It enables fast and accurate scans to identify vulnerabilities early in the development process.
• Clear remediation guidance helps developers properly fix security flaws in their code.
• Frictionless setup gets developers started securing their APIs in under 5 minutes.
• Integrates seamlessly into CI/CD pipelines for automated security testing.
• Prioritizes the most critical vulnerabilities for remediation first.
• Helps shift security left by embedding it earlier in development workflows.
• Offers robust testing for Java, JavaScript, Python, .NET, including cloud platforms.
• Backed by expertise and tech from established application security vendor Contrast.
• Removes barriers to making API security a priority with easy access and usability.
• Enables developers to "secure as they code" and proactively build safer applications.

In summary, CodeSec makes enterprise-level API security testing fast, accurate, and attainable for all developers while promoting security earlier in development.