
Snyk launches API & Web to revamp DAST

Snyk API & Web is designed to help companies meet the new requirements for dynamic application security testing (DAST).

As companies increasingly use generative AI for software development, APIs are an indispensable bridge between Large Language Models (LLMs) and the applications they feed. Vulnerabilities in these APIs can expose sensitive AI models to significant risks, jeopardizing the security of entire software supply chains.

Snyk API & Web builds on the 2024 acquisition of Probely. The company is working on an additional integration that will give AppSec teams a centralized view of web, API, and code assets within a single interface. This will bring static application security testing (SAST), software composition analysis (SCA), and DAST findings together in a single dashboard.

In addition, Snyk API & Web will gain enterprise features through a new Command-Line Interface (CLI) for organizations with extensive asset portfolios. This enhancement enables programmatic management of scans, targets, and findings, streamlining workflows and enabling automation in CI/CD pipelines.

Innovation in DAST for secure development

For DAST, Snyk is also introducing an AI-powered API testing engine. The engine combines GenAI with traditional AI/ML models to extend Snyk’s coverage of critical aspects of the OWASP Top 10 API security risks. The focus is primarily on issues that arise when business logic is exploited, such as BOLA (Broken Object Level Authorization), number 1 on OWASP’s list.

In addition, Snyk API & Web Code-Informed Dynamic Testing correlates static and dynamic analysis for smarter, more accurate vulnerability detection. By extracting critical information directly from code, it automatically configures DAST tests, identifies APIs, and generates specifications to optimize scan accuracy.
