Most businesses have adopted public-facing APIs to power their websites and apps. This more versatile way to build software, though, has dramatically increased the attack surface for your business. There’s been a 200% increase in API security breaches in just the last year, with the APIs of companies like Uber, Meta, Experian and Just Dial leaking millions of records. Traditional security monitoring tools haven’t caught up with the way modern applications work!
To fix this, we’re launching Metlo, an open source API security platform. Metlo discovers all your API endpoints, runs security tests, and detects potential attackers.
Metlo scans your API traffic and discovers all your public endpoints. This includes legacy, undocumented and shadow endpoints your security team may not be aware of. Metlo scans each endpoint for sensitive data and assigns it a risk score so you can instantly understand your highest-risk endpoints.
Metlo runs a suite of automated tests against your API traffic and endpoints so you can find vulnerabilities before an attacker does. We find issues like unauthenticated endpoints returning sensitive data, no HSTS headers, PII data in URL params and more.
It’s impossible to find all vulnerabilities in development. Metlo builds a baseline model of your API usage and automatically flags any anomalous behavior for your security team to look into. This allows you to identify and stop attacks as they are happening!
With Metlo you can instantly discover, inventory, test, and protect your APIs (both internal and external). Check out our repo on GitHub and get started with Metlo today! Our agentless system lets you get up and running in less than 10 minutes with 0 code changes.
If you are interested in securing your API, we would love to get in touch! You can book a demo here, join our Discord community or email us at firstname.lastname@example.org / email@example.com. We’re excited to build the new global standard to secure APIs together!