Wib launches high-definition risk engine – the first risk-ranking solution to meet OWASP standards for API security

02 August 2023

API risks exposed in unprecedented clarity across the API lifecycle with weighted risk scores based on context, likelihood and business impact

Tel Aviv, Israel – August 2^nd 2023 – API lifecycle security expert Wib, through its unified API Security platform has announced the launch of its a high-definition risk engine that gives the richest picture yet of API security threats, enabling organizations to manage API risks with greater certainty, accuracy and in alignment with published OWASP Risk Methodology standards.

Part of the company’s Fusion Platform, Wib’s high-definition risk engine is the first to meet OWASP’s requirements for effective API risk prioritization. Wib’s solution spans the complete API lifecycle from code development, through testing, and into production, and calculates the three critical dimensions of each defined risk (context, business impact (and the likelihood it will occur) to determine a weighted risk score.

According to Gartner, in its API Security and management report, API security vulnerabilities will account for more than 50% of all enterprise data loss by 2025. This is because security risks are shifting from the user interface to the API as web and cloud applications proliferate, creating blind spots in legacy approach that prevent enterprises from maintaining a sound risk posture. Wib’s high-definition risk engine equips organizations to fight back with crystal-clear clarity of API risks, enabling a risk ranking methodology that exemplifies the recommended approach of OWASP, the internationally recognised authority for API security standards.

Wib VP of Products, Gil Shulman, said: “If you can’t prioritise risks you can’t have an effective defensive strategy. Just as a high-definition screen uses detail to show you a clearer picture, our high-def engine provides a very granular view of every risk. But the detail is no use without understanding the context. Not all APIs are equal so our solution takes business impact into account. It puts a higher weighting on those involved in customer data or payment information, for example.”

Wib’s rankings are based on:

Multi-lens information gathered from data sources across the API lifecycle – coding, testing and production.
Context and impact for each API, which are determined by factors such as the value of the data, importance of the process and the regulatory or financial consequences of a successful attack
The probability of an attack occurring – assessed using a mix of technical criteria, such as misconfiguration and incident history, with analysis of the incentives for the attacker and the difficulty of launching an attack.

This data is automatically combined to provide weighted risk scores for each API.

Shulman adds: “Almost everyone in the API security market claims to produce a risk score, but when you dig deeper into these methodologies, they don’t differentiate between APIs or rank risks according to business context. The purpose of ranking is to tell you what’s most important and help the SOC and incident response teams to decide what to do about it. Insights are only useful if they’re actionable.”

About Wib

Wib is pioneering a new era in advanced API security with its industry-first holistic API security platform. Providing unified, continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety.

Wib’s elite team of developers, attackers, defenders, and seasoned cybersecurity professionals draw on real-world experience and expertise to help define and develop innovative technology solutions that enable customers with the identity, inventory and integrity of every API, wherever it may be within the development lifecycle, without compromising development or stifling innovation.

Wib is Headquartered in Tel Aviv, Israel with international presence in Dallas, USA and London, UK. It was founded in August 2021 by serial entrepreneur Gil Don (CEO), Ran Ohayon (CRO) and Tal Steinherz who previously served as the CTO of Israel’s national cyber directorate. Visit www.wib.com

Supporting Resources:

High-Definition Risk Ranking: Enhancing OWASP’s Methodologies for Comprehensive API Security – A Wib brief
OWASP Risk Rating Methodology

August 2nd, 2023

Wib launches high-definition risk engine – the first risk-ranking solution to meet OWASP standards for API security

API risks exposed in unprecedented clarity across the API lifecycle with weighted risk scores […]

> Read the news article

June 20th, 2023

Wib Announce Industry First Compliance Module to its Holistic API Security Platform

Revolutionizing organizations’ capability to meet Cybersecurity and API regulatory requirements Tel Aviv, Israel […]

> Read the news article

June 6th, 2023

Wib Signs Kite Distribution as First Distribution Partner in UK&I

Partnership to address growing demand for API security across the region Tel Aviv, […]

> Read the news article

May 23rd, 2023

APImetrics and Wib Security Partner to Close the Loop on API Performance, Compliance and Security

Combined offering enables API providers to discover, catalog, and actively monitor their secure APIs […]

> Read the news article

View more news

Cookie	Duration	Description
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (which increments with each pageview in a session), and session start timestamp.
__hssrc	session	HubSpot cookie sets this cookie to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to store the user consent.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether that visitor is included in the data sampling defined by your site's pageview limit.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	1 year 1 month 4 days	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjRecordingEnabled	never	Hotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjRecordingLastActivity	never	Hotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_hjIncludedInSessionSample_3388746	2 minutes	No description
_hjSession_3388746	30 minutes	No description
_hjSessionUser_3388746	1 year	No description
incap_ses_1177_2167377	session	No description
incap_ses_456_2167377	session	Description is currently not available.
referrerd7_003	1 month	No description
visid_incap_2167377	1 year	No description

API risks exposed in unprecedented clarity across the API lifecycle with weighted risk scores based on context, likelihood and business impact

Just dropped…!