Releases/
December 2023

Eliminating BOLA: Automated Authorization Policy Testing Through Code-Free Descriptions

Aptori's Sift, an API security testing tool, can autonomously generate and execute test cases to verify the business logic and confirm the effectiveness of an authorization policy. Sift ensures comprehensive testing of all possible scenarios involving creators, actors, actions, and entities, handling anything from 10 to thousands of test cases, all completed swiftly within seconds.

Eliminating BOLA: Automated Authorization Policy Testing Through Code-Free Descriptions

Aptori's Sift, an API security testing tool, can autonomously generate and execute test cases to verify the business logic and confirm the effectiveness of an authorization policy. Sift ensures comprehensive testing of all possible scenarios involving creators, actors, actions, and entities, handling anything from 10 to thousands of test cases, all completed swiftly within seconds.

Moreover, authorization policies can now be conveniently defined using straightforward tables (no code) or a few lines of YAML code (low code). This allows Sift to automatically create test cases for hundreds of access scenarios, thoroughly validating each aspect of an authorization policy. This comprehensive validation ensures that Broken Object Level Authorization (BOLA) issues become a concern of the past.

Aptori Safe Mode – Active Runtime Monitoring for GRC
Expanded Vulnerability Mapping Across Security Standards and Attack Taxonomies
Policy Editor with Rego Support for Custom Security Policies
Jira Multi-Server Support with Project Mapping
EPSS Version 4 Integration for Dynamic Risk Prioritization
New Issue Status: "Fix Not Available"
Sift Version 2 Configuration via UI Wizard
Configurable Data Retention for Scan Results
Generator Sets for Dynamic Test Data
Automated GitLab DAST Export from Aptori Sift CI Scans
Improved Search Across Groups, Projects, and Assets
Enhanced Python SDK with User, Group, and Report Management Functions
New findBy API for Flexible Resource Lookup
Enhanced Projects Page with Insights and Risk Charts
User-Defined Labels for Assets, Projects, and Groups
OSV-Scanner integration is now available in Aptori
Infrastructure as Code (IaC) Scanning
Secure your cloud using AWS vulnerability scanning
Inspections
Real-Time Vulnerability Risk Scoring using EPSS and CVSSv3
Aptori Enhanced with Essential Security Scanning Capabilities
Eliminating BOLA: Automated Authorization Policy Testing Through Code-Free Descriptions
Aptori
Aptori is the AI for the good guys—enabling security teams to reduce risk, accelerate secure releases, and ensure continuous compliance.

Aptori is the leader in autonomous application security, delivering the first deterministic AI to detect and remediate business logic vulnerabilities with precision.

The Aptori AI Security Engineer proactively identifies, prioritizes, and fixes vulnerabilities across code, APIs, applications, and cloud environments. By eliminating security backlogs and freeing engineering capacity, Aptori empowers teams to innovate faster and ship secure software at scale.
PLATFORM
Why AptoriProduct Updates
          
RESOURCES
InsightsGuidesGlossaryWhite PapersDocumentation
SOLUTIONS
AI-Driven AppSecAI Security EngineerAI Code FixApplication Security TestingAPI Security TestingAPI Risk AssessmentPrevent BOLA AttacksPCI DSS 4.0 Compliance
NEWSLETTER
Get monthly news and insights in your inbox