Astra Security, the platform for continuous pentesting, is releasing its new API Security Platform, uncovering undocumented, zombie, and shadow APIs that put infrastructures and sensitive PII at risk.
Rather than relying on reactive, siloed detection tools, organizations that adopt Astra’s API Security Platform get proactive, automated protection against hackers who use application programming interfaces (APIs) to compromise systems, according to the company.
Most businesses lack a complete API inventory, and developers rarely run active security tests on the APIs they build. Astra’s API Security Platform addresses both, providing complete visibility into APIs that a company may not have known existed and testing them autonomously for security vulnerabilities.
As organizations undertake digital transformation and modernization, APIs proliferate across distributed infrastructures, the company said. Zombie APIs, abandoned or outdated endpoints, often linger in systems and become easy targets for attackers. Shadow APIs, built outside official security controls, expose sensitive data and bypass governance.
Astra’s API Security Platform solves this by finding every undocumented, dormant, and shadow API across infrastructure. The platform analyzes live traffic in real time and runs offensive Dynamic Application Security Testing (DAST) scans across all APIs, applying more than 15,000 test cases.
“APIs continue to be the unguarded backdoor to corporate data,” said Shikhil Sharma, co-founder and CEO of Astra Security. “Automated security tools tend to focus on web applications, overlooking APIs. All the innovation happening in the AI world, with AI Agents to MCP servers, has APIs as its backbone. With the release of the Astra API security platform, we can now discover, scan, and secure APIs in real time, closing the gaps before hackers can exploit them.”
Astra’s API Security Platform provides real-time visibility into every API in infrastructure, including undocumented, dormant, and shadow APIs.
Integrations capture live traffic across cloud and distributed systems, including NGINX, AWS, GCP, Azure, Istio, Apigee, Kong, and Postman. Rather than relying exclusively on automation, Astra applies over 15,000 DAST test cases as well as manual penetration tests conducted by in-house cybersecurity experts certified in OSCP, CEH, and eWPTXv2. Astra also maintains a continually updated API inventory derived from real-world traffic observations.
“It’s essential to identify weaknesses before they lead to compromised data,” said Ananda Krishna, co-founder and CTO of Astra Security. “By applying a hybrid strategy, our API Security Platform identifies security issues others miss, from misconfigurations and broken authentications to authorization flaws.”
Astra Security offers a unique penetration testing platform featuring a suite of products, including an AI-powered DAST scanner that continually emulates hacker behavior, as well as a team of CREST-accredited (Council of Registered Ethical Security Testers) ethical hackers manually performing penetration testing. Astra Security is CREST-accredited, ISO 27001 certified, and CERT-In empanelled.
For more information about this news, visit www.getastra.com.