Peach API Security

Integrating Peach API Security into your existing continuous integration (CI) system ensures that your product development teams receive immediate feedback on the security of your latest release. Finding vulnerabilities earlier in the product development lifecycle saves you time, money, and reputation. Organizations use Peach API Security to reveal and correct vulnerabilities in their web APIs.

Be A Hero. Every Day.

Peach API Security acts as a man-in-the-middle proxy, capturing data sent from your traffic generator and the test target. Once captured, this data is fuzz tested using company’s advanced automated web API security tool. Peach API Security makes testing a breeze. It provides meaningful data so your development team can prioritize vulnerability fixes.

How It Works

Peach API Security performs a series of security checks against your web APIs based on requirements laid out in the OWASP Top-10. By leveraging the automated testing that your development team already performs (i.e. unit tests), Peach intelligently executes a series of fuzz and passive security tests. Once configured, interactions will primarily occur through your existing build-system interfaces. Coverage of REST, SOAP, and JSON RPC web APIs are all supported. Peach API Security intelligently executes a series of fuzz tests and passive security tests on your web APIs. Comprehensive test results empower your team to mitigate security vulnerabilities. Each uncovered vulnerability includes actionable data. Leverage the power of Peach for your DevOps team. Finding vulnerabilities earlier in the product development lifecycle saves you time, money, and reputation.

CI Integration

Peach was designed to seamlessly integrate into your existing CI systems. Implemented as a step in the build pipeline, Peach blocks deployment of builds that are not secure. The results of Peach’s security tests are returned to the CI system, ensuring developers don’t have to exit their current build tools.

Testing Profiles

Configurable testing profiles allow you to balance the depth of testing with the time available to test.
Common profiles include:

• Quick – Quick testing without fuzz testing, ideal for immediate results
• Nightly – Quick testing with fuzz testing, ideal for nightly builds and quick results
• Weekly – Complete testing, ideal for major product releases and complete test results

GENERATING TEST CASES

Peach API Security acts as a man-in-the-middle proxy, capturing traffic created by your existing automated testing. Once captured, this data is fuzzed by Peach and sent to the test target. Integrations with popular automated testing frameworks make capturing traffic easy. In addition, custom traffic generators using REST API, Java, .NET, and Python are all supported. SECURITY TESTING AND COMPLIANCE Peach API Security is a comprehensive testing tool that tests against the OWASP Top-10 and PCI Section 6.5. REPORTING
Comprehensive test results empower development teams to mitigate security weaknesses. Vulnerability data is automatically returned to your CI system. Faults are treated similarly to automation failures, blocking the release of a non-secure build. This enables developers to focus on fixing code, rather than making security decisions. Each vulnerability includes actionable data including:

• Fault Message Data – Used to efficiently find and mitigate vulnerabilities
• OWASP Mapping – Identifies which OWASP Top-10 requirement failed
• Exploitability Difficulty and Impact – Helping your team prioritize vulnerability fixed