9.17.19
Data Theorem, Inc., a leading provider of modern application security, today introduced a new SPA security service that delivers automated discovery and continuous dynamic runtime vulnerability inspection of modern web single-page applications (SPAs). Purpose-built for SPAs, the new service is differentiated in its runtime security analysis that supports both GraphQL and REST API services, the popular services for SPAs that dynamically deliver a faster and richer web user experience.
With DevOps teams rapidly building web SPAs, security and IT teams using traditional web app scanners lack the ability to gather application insights and inspect for security vulnerabilities on these new modern web apps. Now with this new offering from Data Theorem, for the first time users can fully discover and inspect vulnerabilities with dynamic runtime analysis for both GraphQL and REST API services.
“SPA security is the new frontier for modern web application security, and like mobile it is tightly coupled to the explosion and growth of GraphQL and API backend services,” said Doug Cahill, senior analyst and group practice director of cybersecurity for ESG. “To best protect these services from attack, organizations need a solution that delivers both continuous security vulnerability inspection and runtime analysis that supports both GraphQL and REST API services.”
Businesses today delivering modern web applications build SPAs to deliver a richer and faster user experience that is similar to what they deliver with their mobile apps. Similar to mobile app protection, traditional web app scanners lack the ability to add security insights to SPAs because of the dynamic nature of the SPA JavaScript architecture. In addition, GraphQL adds a new attack surface due to the enhanced flexibility it provides, making it difficult to protect against malicious queries. These attack queries could lead to denial of service attacks, or unauthorized access to private data.
“Growth of SPA deployment and usage increases every year because organizations want their web experience to be as good as their mobile app experience,” said Doug Dooley, Data Theorem COO. “But security tools have not kept up with this modern software development trend. With our first web app security offering launching today, Data Theorem is leaping ahead of the competitive landscape to now serve users’ complex security needs beyond API and mobile. We were already leading in runtime analysis for mobile apps, and now we offer similar depth of runtime analysis to protect these popular SPAs.”
Today’s SPA security solution is offered as a component of Data Theorem’s API Discover and API Inspect, which together address security concerns such as Shadow APIs, Serverless Applications, and API Gateway cross-check validation by conducting continuous security assessments on API authentication, authorization, encryption, availability, serverless functions, and policy compliance. The API security solutions support Amazon Web Services, Google Cloud, and Microsoft Azure to discover modern APIs and to enumerate the specification using standards such as Swagger and Open API 3.0.
Pricing and Availability
Available today from Data Theorem, annual list price starts at $9,900 per SPA licensed as a component of API Discover and API Inspect.
www.datatheorem.com