Enhancing API Security: Escape's Dynamic Scanning Approach for Uncovering Vulnerabilities

 


Escape, a French startup, has raised a funding round of $3.9 million (€3.6 million) shortly after completing Y Combinator's winter 2023 cohort. The company provides a cybersecurity product that focuses on securing APIs before their public release.

The funding round is led by French venture capital firm Iris, with participation from Frst. Existing investors such as Irregular Expressions, Tiny Supercomputers, and Kima Ventures are also participating. Notable angel investors include Philippe Langlois, Mehdi Medjaoui, and Roxanne Varza.

Co-founder and CEO Tristan Kalos explained that Escape has developed a custom algorithm powered by artificial intelligence. This algorithm simulates cyber attacks to identify security flaws in APIs, offering remediation solutions. Tristan Kalos founded Escape with Antoine Carossio, and the team has grown to include 10 members.

Escape's solution is agentless, seamlessly integrating into the development pipeline. Whenever the development team commits new lines of code to the repository, Escape is triggered through an integration in the continuous integration/continuous delivery flow (CI/CD).

One of Escape's key capabilities is identifying issues such as missing rate limiting, which, if exploited, could let malicious actors extract large volumes of data. Escape also verifies that invalid actions are effectively blocked, to prevent data manipulation. The platform integrates with Snyk, so that the issues Escape identifies appear among Snyk's code issues.

Tristan Kalos explained that Escape conducts dynamic tests, examining the running application rather than the source code itself. APIs pose a unique challenge due to the complexity of their business logic and interaction methods. To address this, Escape employs reinforcement learning, a combination of deep learning and heuristics.

Initially, Escape focused on GraphQL APIs as its go-to-market strategy. However, the company is now expanding its support to REST APIs, which are more prevalent than GraphQL-based APIs.

Escape has already secured approximately 20 clients, including notable companies like Sorare, Shine, and Neo4J. The startup aims to target larger clients operating in sensitive industries, including banks and financial services companies. Each contract with these clients has the potential to be worth tens of thousands of euros annually.

Prior to Escape, ensuring the security of company APIs relied mostly on manual processes. Large companies would occasionally collaborate with security analysts for penetration tests (pentests). However, these tests were infrequent and reactive, with security reports being delivered once or twice a year. The companies would then review the findings and internally assign tasks to resolve the identified issues, often leading to delays and an imperfect process.

Escape does not seek to replace pentests entirely since they cover a broader scope than just APIs. Instead, Escape's objective is to identify and address security flaws at the API level as soon as they emerge. By taking a proactive and dynamic approach, Escape ensures that most issues are resolved before a security firm conducts a pentest. This innovative security model offers a more compelling and marketable proposition for clients.
