This month, the Levo team brings you significant advancements to ensure robust security across your entire API ecosystem.
We have added another essential feature to our AI module, expanded discovery and testing coverage, and introduced additional filters that provide unparalleled precision.
We now automatically generate human-readable descriptions for your API endpoints!
Our traffic-based OpenAPI documentation is renowned for producing rich, comprehensive, and accurate specifications.
These OpenAPI specs and Postman collections enable us to send precise, custom payloads—essential for vulnerability detection.
Using GenAI, our documentation now includes human-readable descriptions for each endpoint. While these descriptions don't directly enhance API security testing, they're crucial for API monetization.
According to the Postman 2024 State of the API Report, APIs are no longer just backend technology but revenue drivers for 62% of surveyed enterprises.
For 21% of enterprises, APIs generate 75% of revenue through public and private integration.
Poor or missing documentation slows down even simple API implementations, with 44% of developers resorting to source code analysis and colleague consultation for understanding.
Our auto-generated descriptions include parent application details, usage guides, and changelogs, helping your APIs drive business growth without manual documentation effort or deployment delays.
Levo now automatically discovers SOAP APIs!
Despite the growing popularity of REST APIs, SOAP APIs still maintain a strong presence in enterprise applications, especially in the financial and banking sectors.
This persistence stems from several key advantages: built-in transaction support and robust security through WS-Security, which enables encryption, digital signatures, and ACID compliance.
Its adherence to XML standards ensures reliability and interoperability—essential requirements for complex integrations and legacy systems.
Many industry-specific standards, including healthcare protocols like HL7, DICOM, and SWIFT, are implemented using SOAP.
While adding support for older technologies like SOAP is challenging, we are dedicated to ensuring that the entirety of your API landscape is secure.
Enterprises can now leverage these benefits without API sprawl or the tedious manual cataloging and documentation process!
Import your API endpoints directly from the Levo.ai portal!
While our instrumentation methods reliably detect most API endpoints through traffic monitoring, your security engineers or developers may already have some existing docs that they manually discovered.
To ensure all API endpoints are tracked through a single screen, teams can now import them directly through our UI.
This ensures all endpoints are documented, monitored, and tested—whether they were automatically discovered or not.
This feature mainly helps teams using agentless approaches, which typically miss non-external APIs.
Tailor testing schedules right from the UI!
We aim to empower your DevSecOps team to consistently and effortlessly build and publish exploit-proof APIs.
This is why our testing module automatically generates all test resources (plans, configurations, and payloads) separately for every endpoint, without requiring manual configuration from you and your team.
But testing just once isn’t enough, especially considering the high rate of integration and updates; 9% of primary APIs are updated weekly.
Relying on manual initiation of such tests is susceptible to oversights, which defeats the original goal.
That's why we enable scheduled test runs, automatically testing selected endpoints at intervals that match your deployment schedule.
Users can now edit these schedules, modifying endpoints and intervals through the UI without starting from scratch.
They can also selectively rerun tests for specific API endpoints rather than testing everything.
Eliminate application duplication with Levo's highly configurable dashboard!
Enterprise networks often run the same application behind different load balancers or servers. With comprehensive traffic-based instrumentation, this can lead to the same application being discovered multiple times.
We extract application names from the Kubernetes namespace or hostname to address this.
With our improved regex patterns, you can merge applications with similar service names into a single application.
Levo.ai now integrates with Akamai, F5, and Imperva to automatically discover your API endpoints!
We've expanded our extensive instrumentation options—now, you can access API catalogs and documentation through simple plugins using your existing infrastructure.
Our traffic-based instrumentation provides some of the most detailed and accurate inventory and documentation available.
Its effectiveness depends on traffic quality. Since WAFs capture edge traffic—mainly north-south communication—these agentless methods may miss internal APIs.
While our eBPF agent addresses this limitation, we recognize that installing agents requires significant resources and cross-departmental approval.
Our plugins for Gateways, Load Balancers, CDNs, and now WAFs give your teams immediate API visibility without upfront costs.
Levo.ai now groups endpoints by API authentication scheme for each environment!
Due to API requirements and different teams working on various features, a single application can use dozens of authentication schemes.
This diversity in authentication schemes extends across development environments, where lower environments often use less stringent schemes—a potential security risk.
With our filter, you can monitor API authentication practices against set standards in both production and pre-production environments.
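The grouping and policy check described above, sketched over OpenAPI specs as an added example; it is not Levo's code, and the function names, label format and sample specs are assumptions made here.

```python
from collections import defaultdict

METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def scheme_label(defn):
    """Turn an OpenAPI securityScheme object into a short label."""
    kind = defn.get("type", "unknown")
    return f"http/{defn.get('scheme', '?')}" if kind == "http" else kind

def endpoint_schemes(spec):
    """Map (METHOD, path) -> set of auth labels accepted by that operation."""
    defs = spec.get("components", {}).get("securitySchemes", {})
    default = spec.get("security", [])
    out = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue
            # Operation-level `security` overrides the document-level default.
            reqs = op.get("security", default)
            labels = set()
            for req in reqs:
                # An empty requirement object means anonymous access is allowed.
                labels |= {scheme_label(defs.get(n, {})) for n in req} or {"none"}
            out[(method.upper(), path)] = labels or {"none"}
    return out

def group_by_scheme(spec):
    """Group one environment's endpoints by the auth scheme they accept."""
    groups = defaultdict(list)
    for ep, labels in endpoint_schemes(spec).items():
        for label in labels:
            groups[label].append(ep)
    return {k: sorted(v) for k, v in groups.items()}

def policy_violations(specs, approved):
    """List (env, method, path, label) for every scheme outside the approved set."""
    return sorted((env, m, p, label)
                  for env, spec in specs.items()
                  for (m, p), labels in endpoint_schemes(spec).items()
                  for label in labels - approved)

# Constructed sample specs (not real Levo output): prod defaults to OAuth2, staging drifts.
SCHEMES = {"oauth": {"type": "oauth2"}, "basic": {"type": "http", "scheme": "basic"}}
PROD = {"components": {"securitySchemes": SCHEMES}, "security": [{"oauth": ["read"]}],
        "paths": {"/accounts": {"get": {}}, "/transfers": {"post": {}}}}
STAGING = {"components": {"securitySchemes": SCHEMES}, "security": [{"oauth": ["read"]}],
           "paths": {"/accounts": {"get": {"security": [{"basic": []}]}},
                     "/transfers": {"post": {"security": []}}}}
```

Calling `policy_violations({"prod": PROD, "staging": STAGING}, {"oauth2"})` reports the two staging endpoints that fall back to HTTP Basic and to no authentication.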
Our PCAP sensor can now monitor traffic from Windows-based environments!
Windows systems (including but not limited to legacy environments) still process significant traffic containing sensitive data.
Levo's ability to identify, document, test, and protect API endpoints now covers Linux and Windows machines.
Get precise visibility into your APIs through our trace filtering!
Filter by status code and path to monitor activity for specific endpoints that may handle sensitive data (which we can help discover).
Combat alert fatigue with our improved reporting dashboard!
Passive and active security testing results are now automatically optimized for quick, effective remediation.
Our active security testing module generates minimal false positives thanks to dynamic, accurate, and custom payloads. All vulnerabilities are automatically mapped to the relevant developer and microservice.
Our test assertion algorithm also reorganizes vulnerabilities automatically, updating previous tickets based on the latest test runs.
Findings from passive monitoring are automatically filtered by "last seen," ensuring new issues are quickly spotted and resolved.
Experience greater peace of mind with our improved sensor-satellite architecture!
Protecting customer privacy is our priority—we designed our platform to retain less than 1% of customer data (only OpenAPI Specs), unlike competitors who store most or all data in their SaaS.
This works through our sensor and satellite system: the sensor (in customer environments) collects data and sends it to the satellite (self-hosted on-premises or managed by us).
The satellite processes this data and sends only OpenAPI Specs to our SaaS.
While communication between the satellite and SaaS was always encrypted, all communication between the sensor and satellite is now also encrypted, even within customer environments.
Levo was designed with privacy and security in mind from the start, and this feature adds protection against data interception between internal systems.
Curious about how these features could transform your API Security initiatives?
Book a demo through this link!