Below is our recent interview with Chaim Peer, Chief Executive Officer at BLST Security:
Q: What is your core competence?
A: BLST Security is revolutionizing API security; we are launching a SaaS solution that is accessible to dev/devops teams worldwide. We detect broken business logic in your API and map it into a simple, easily integrated platform.
Q: Any highlights on your recent announcement?
A: We released the first version of our SaaS platform. It includes two main functionalities. The first is the OpenAPI specification scan—we scan your OAS for common mistakes, non-best practices, and other things that can potentially lead to future vulnerabilities. We perform that scan assuming the OAS has been auto-generated and reflects the real state of the API. During the same scan, we create a parameter table and an endpoint table from the OAS, which allows advanced functionality and interactiveness while going through the spec.
The second one is the API map generation. We consume HTTP logs from APIs and produce a map from them that presents the API in an easily understandable and highly interactive way.
Q: Can you give us more insights into your offering?
A: We simplify your SDLC with a user-friendly dashboard. Our API visualization provides deep insight into how your API is being used. This allows you to find any anomalies, understand and differentiate between normal and abnormal API user behavior, and see what changes you may need to make to improve your API security. In addition, developers will find it much easier to document APIs. We offer a free trial for 7 days and an entry price threshold of $20 for detailed insights into your API. This includes a detailed overview of the API parameters table, the endpoints table, and access to our dashboard, where any user can get full insight into the API.
Q: What can we expect from your company in the next 6 months? What are your plans?
A: We will be offering in the upcoming months an introductory reduced price for our enterprise SaaS solution, which includes an AST (application security testing) solution, our attacker, that is meant to simulate attacks on your API in the integration environment and stop business logic vulnerabilities from reaching production; a runtime protection solution, our decider, that will ingest HTTP logs and tell you whether or not they contain any business logic anomalies; and a runtime validation solution, which will compare your API specification to your HTTP logs and will expose the differences between them.
Q: What is the best thing about your company that people might not know about?
A: The company holds a broader vision for API security than most. The vision is simple—API Security should be part of the work process of all development teams worldwide and address any business size or company, not only enterprises. We also believe that the solution should be made both available and accessible to Developers/DevOpses and AppSec people alike.