Source: www.govinfosecurity.com
Snyk Boosts API Security with Enhanced Dynamic App Security Testing Capabilities
Michael Novinson (MichaelNovinson) • November 12, 2024
Snyk purchased a Portuguese dynamic application security testing company led by a longtime Portugal Telecom security manager to address the rising demand for API security.
The Boston-based developer security vendor said its acquisition of Porto, Portugal-based Probely will protect applications using APIs, a need driven by the increased use of large language models in generative AI. The deal will combine Probely’s low false-positive rates and usability with Snyk’s current application security offerings to provide more comprehensive security coverage across the software development lifecycle.
“What we saw increasingly from our customers, especially the really large ones, early AI adopters, is the need for API security testing as part of their SDLC as they adopted more AI or started creating more AI-native applications,” Snyk Chief Innovation Officer Manoj Nair told Information Security Media Group.
Probely, founded in 2016, employs 41 people and closed an $8.4 million Series A funding round in November 2022 co-led by Iberis Capital and Semapa Next. The company has been led since inception by Nuno Loureiro, who previously spent more than a decade at Portugal Telecom overseeing application security and email engineering (see: Learning From CrowdStrike’s Outage: Insights From Snyk’s CEO).
There is a growing need for API security testing as more organizations develop AI-native applications, according to Nair. He said APIs are often overlooked in traditional security, but crucial in AI applications and must be tested early in the SDLC to avoid security gaps. Probely’s API-first approach aligns well with Snyk’s mission to create a robust security ecosystem that incorporates dynamic testing, Nair said.
“A lot of what happens in those applications is they start using APIs that may never have been tested,” Nair said. “They were around in organizations, and they are this hidden front. We started seeing this demand for API security testing, and the traditional DAST has expanded to include API security testing.”
How Customers Benefit From Unifying Static, Dynamic Testing
Nair said that Snyk’s approach to security prioritizes proactive vulnerability testing, aligning well with Probely’s modern DAST tools that support an API-first philosophy. Probely’s DAST tools can be integrated within the CI/CD pipeline to enhance pre-production security testing, Nair said, helping to identify and address vulnerabilities before deployment.
“Instead of doing it late after production, they’re doing it at the pre-production state by integrating it in the continuous deployment part of the CI/CD,” Nair said. “That is a very good evolution from our perspective because that’s when it fits very well within our mission.”
Combining static and dynamic testing will help Snyk provide a reliable validation method that would bridge gaps in developer-security team workflows, ensuring identified issues are indeed valid threats, Nair said. Validating static findings with dynamic tests would help developers differentiate between theoretical and real vulnerabilities, which Nair said would offer a proof-based approach to security.
“If I can actually correlate something that the static analysis tool shows has been found, and I can actually find that issue with the dynamic test later on when that application is running, that is the best way to prove that this is not a false positive,” Nair said. “Everything else is theory.”
The acquisition of Probely brings significant value to Snyk’s portfolio by integrating dynamic security testing for web applications and APIs, which is critical as applications increasingly rely on APIs, especially in AI-driven models, according to Snyk. Probely’s tools, including Security Headers, streamline security analysis, making it faster and more accessible for developers, Snyk found.
Snyk and Probely both prioritize a developer-first approach to security, focusing on productivity and ease of use. Probely’s low false-positive rates reduce unnecessary alerts for developers, and its intuitive interface helps streamline security testing, minimizing cognitive load. This approach reinforces Snyk’s commitment to developer empowerment and productivity while ensuring robust security compliance.
What Success Looks Like Around the Probely Acquisition
Buying Probely extends Snyk’s commitment to security automation across the software development lifecycle. The deal will support a defense-in-depth approach to application security, enhancing Snyk’s offerings with automated, dynamic vulnerability detection in APIs and applications. As apps increasingly rely on AI-driven API connections, Probely’s API scanning will become critical in securing the SDLC.
Nair set ambitious goals for the Probely acquisition, aiming to replicate Snyk Code’s success and generate significant annual recurring revenue within a few years. Tracking integration milestones, customer adoption rates, and achieving a seamless platform integration are priority metrics to ensure that the acquisition delivers meaningful value, according to Nair.
“How can we be bringing more capabilities from a single vendor, single SDLC platform for our customers?” Nair asked. “And internally, my goal is, ‘How does this become the next $100 million ARR component?'”
API security must be a focus for CISOs, Nair said. He noted the risks associated with untested APIs in AI-native applications and advised companies to adopt API security testing early to mitigate threats. Nair also highlighted the critical role comprehensive API testing plays in securing AI-native applications against the OWASP Top 10 API vulnerabilities.
“The number one thing that CISOs need to think about is, ‘Are my API services being tested?'” Nair said. “Because if not, those risks are not going to be part of my AI-native applications.”
Snyk’s acquisition of Probely fits into its broader strategy to strengthen its platform while positioning itself for a potential IPO in 2025. Prior acquisitions, such as Reviewpad and Enso, have augmented Snyk’s capabilities, creating an ecosystem of tools for developers to secure code efficiently. But Snyk has also faced challenges, including slower growth and workforce reductions due to economic conditions (see: Snyk Buys Reviewpad to Help Developers Contribute Code Fast).
Original Post URL: https://www.govinfosecurity.com/snyk-acquires-probely-to-strengthen-api-security-for-ai-apps-a-26787