Noname Security has launched Noname Recon, the latest addition to the company’s API Security Platform. With Recon, customers are now able to simulate an attacker performing reconnaissance on an organisation’s domains, allowing them to rapidly find and fix issues – without any integrations, installations, or implementations required.
Cybercrime rates show no sign of slowing down. According to recent research commissioned by Noname Security looking at API Security Trends in 2022, 76% of those surveyed reported they had experienced an API security incident in the past 12 months. Although there are many ways a cybercriminal can gain access to an organisation, APIs now represent the most common attack vector used by malicious state and non-state actors alike.
“One of the best ways to prevent a cyber attack is to stay ahead of cybercriminals. With APIs creating thousands of potential entry points to an organisation, it’s no surprise that many hackers look to take advantage of these potential vulnerabilities,” said Shay Levi, Co-Founder and CTO at Noname Security. “How do you beat a hacker? Think like them. With Recon, we’ve made it easy to identify potential vulnerabilities and exploitable intelligence by simulating attacker reconnaissance, so customers can use that information to better protect themselves.”
With Noname Recon, customers can now easily find public issues and quickly fix them to prevent breaches. Recon enables customers to:
● Easily Find Public Exposures: Automatically discover public APIs, domains, and vulnerabilities, including “shadow domains” that are easily overlooked; find exploitable intelligence, such as exposed information, to understand the attack paths available to adversaries; and monitor for changes in APIs, domains, and developer activity to build a complete and current inventory of publicly accessible assets.
● Quickly Fix Vulnerabilities: Rapidly reduce risks and eliminate weaknesses before they can be exploited, make smart, informed decisions about which issues to remediate first and shrink your attack surface in record time, and resolve high-severity issues in hours or days instead of weeks or months.
● Actively Prevent Breaches: Continuously secure your customer data, personally identifiable information (PII), internal documentation, intellectual property, regulatory standing, shareholder value, and more with automatic scanning and protection against evolving threats; automate policy enforcement and avoid regulatory fines and reputational damage by continually monitoring for compliance.
Early-access customers report that Noname Recon is “a game-changer” that’s helped them identify potential vulnerabilities that were not found with any other technology they have used. In the words of one Fortune 500 customer, “with Recon, we feel more secure than ever.”
In particular, Noname Recon has helped customers identify critical issues such as secret keys stored in public code repositories, leaked internal documentation, misrouting allowing WAF and CDN bypass, and more. Many of these issues demonstrate how even well-designed and thoroughly-tested APIs require continuous security as they interact with other technologies and environments.
Noname Recon expands the ability of the platform to secure APIs at all times from all potential threats. This allows organisations the ability to lower the risk of an attack, lower the cost of potential incidents, and increase revenue by delivering more secure products, more developer confidence, faster development, and better brand reputation.