Today we’re excited to announce Specification Enrichment, an LLM-powered enhancement to our API Discovery feature. This enhancement is a copilot bolted onto a SaaS experience—a truly integrated enhancement that helps security teams better understand their risk and makes them more efficient.
LLM-powered Specification EnrichmentThis enhancement enriches API descriptions provided by developers or automatically discovered by Impart, and makes them easier for humans to read by generating human readable endpoint descriptions and summaries based on API behavior.
This helps security teams:
- More quickly understand the purpose of large collections of endpoints
- Reduce risk by improving documentation quality with high-quality descriptions that can be sent to engineering teams via developer workflows
- Become more efficient by being able to use these enhanced API specifications directly in Impart’s integrated API security platform
Here’s what one of our customers said when we showed them the enhancement:
“It’s very cool knowing these API endpoint descriptions were generated via Large Language Models. They’re much easier to understand quickly.”
How API Discovery Helps Security Teams
Endpoint Inventory powered by API DiscoveryAPI Discovery was designed to solve a few customer problems that we heard often from security teams:
- Not knowing what API endpoints were in production
- Not knowing what sensitive data was being carried by these APIs
- Not being able to provide DAST tooling with an endpoint map
- Not being able to provide DAST tooling with realistic test payloads
To solve these problems, we built an API Discovery solution that worked primarily through observing API traffic. By observing API traffic through multiple integration methods, we are able to determine what endpoints are seeing traffic as well as what the actual payloads are.
This enables us to build a real-time API specification on the fly with rich detail about API endpoints and parameters, baseline that traffic, and compare live traffic to that baseline to identify risk factors like shadow APIs or non-conforming behavior.
This API catalog and traffic baseline can be shared directly with DAST tooling such as BURP to enable security teams to easily run tests against different endpoints, without having to spend lots of time identifying what endpoints to test, or analyzing production databases to recreate realistic test payloads.
Schedule a demo at try.imp.art today to learn more about how Impart can help you better manage your API risk efficiently with LLM-powered Specification Enrichment. Also, be sure to follow us on LinkedIn for the latest and greatest.