New Blog | Defender for Cloud enables increased API security testing visibility

Microsoft

By Haris Sohail

 

Expanded API Security Testing Collaboration and Environment Support 

At Microsoft Ignite 2023, Microsoft Defender for Cloud announced support for API security testing integration, enabling Defender for Cloud to provide full lifecycle API protection from code to cloud. This makes Microsoft the only cloud provider that enables organizations to assess risk and address API threats across the entire cloud application lifecycle. Today, we’re happy to announce that this support has been extended to two additional API security testing solutions and is currently in public preview. Additionally, we’re thrilled to share that support for Azure DevOps environments is in public preview.

 

Customers can now choose from a variety of API security testing solutions in the Azure Marketplace and integrate the solutions within their DevOps pipelines, allowing security teams to have centralized visibility of the assessed API security posture within Defender for Cloud. Supported solutions now include 42Crunch, Bright Security, and StackHawk. Supported DevOps environments include both GitHub and Azure DevOps, allowing customers to upload their scan results from both DevOps environments into Defender for Cloud.

 

Embracing a ‘shift-left’ security approach is crucial for modern organizations. By integrating API security measures earlier in the software development lifecycle, developers can proactively identify and mitigate API vulnerabilities that might otherwise go undetected, ensuring robust protection against top OWASP API-related risks, business logic abuse, and more.

 

By empowering developers to code and configure APIs securely early in the development lifecycle, Defender for Cloud helps organizations deliver cloud applications that are secure by design, from the start of development through continuous security in production. Security teams can leverage the rich reporting capabilities of Defender for Cloud to gain unified visibility into the health of their API estate during development time, ensuring insecure applications do not make it to production.

 

The support for API security testing via these solutions complements the existing runtime security capabilities from Defender for APIs. By enabling Defender for APIs alongside the API testing solutions, Defender for Cloud customers gain a robust security governance framework and clear visibility into their APIs throughout the entire lifecycle, from design to runtime. Microservices-based application architectures and multi-cloud application footprints have drastically amplified the magnitude of APIs, which further adds complexity to API security. There is rarely a single access point at which API security can be enforced. This approach ensures that APIs are secure and monitored at every stage.

 


 

Visibility of API security testing scan results within Defender for Cloud recommendation

 


 

Ability to query for source code repositories with unhealthy API security testing results within the Cloud Security Explorer

 

 

Read the full post here:  Microsoft Defender for Cloud extends support to enable increased API security testing visibility

 