Don't give up on the value of people in your security strategy. Preventing vulnerabilities depends on proactive action by people. Numerous talks in The Elephant in AppSec underlined the necessity of creating a security culture, both from a cost-benefit perspective and to make the lives of developers and security teams easier. How do you actually do this? Dustin Lehr shows us exactly how, with a blueprint that harnesses behavioral science to effectively inspire people to implement security practices. Developing this security culture is crucial to avoiding wasting developers' time on fixing easily preventable vulnerabilities. But existing tactics don't actually work that well. Fear tactics and offers of merch don't get you very far, so what does? Watch Dustin's full talk to find out how to intrinsically motivate security practices across your organization 👉 https://lnkd.in/eiHNxTmj What tactics worked or didn't work for you? What would motivate you to adopt a stronger security-based mindset?
Escape
Computer and Network Security
San Francisco, California 4,310 followers
We're reinventing API security. No traffic monitoring, lower time to value.
About us
Get instant value by scanning your exposed source code and identifying critical API vulnerabilities in just 15 minutes—no traffic monitoring or complex integrations required. Going beyond scanning, Escape provides actionable remediation code snippets, allowing you to quickly fix issues and enhance collaboration with your developers.
- Website
- https://escape.tech/
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- San Francisco, California
- Type
- Privately Held
- Specialties
- API security, Application Security, API inventory, DAST, and API Discovery
Products
Escape
Dynamic Application Security Testing (DAST) Software
Secure your APIs effortlessly with Escape. View exposed API endpoints and sensitive data in minutes, continuously test as APIs evolve, prioritize business-critical vulnerabilities, and fix them efficiently with actionable remediation code snippets. No traffic monitoring or complex integrations required.
Locations
- Primary: 1524 Fell St, San Francisco, California 94117, US
- Paris, FR
Updates
-
🎉 Escape Wrapped 2024 🎉 We have definitely had an incredible year here at Escape, with so many technological breakthroughs, hundreds of contributions to open source projects, and so many innovations still to come 🔥 But what have we been up to behind the lines of code? Here's a quick snapshot of what 2024 in and outside the Escape office has looked like! We cannot wait to see you in 2025 for an even greater adventure 🎢
-
Application security is tough. Maintenance is tougher. What if you could write custom security tests to catch unique vulnerabilities without the headache of maintaining them? Escape Rules make it possible. Here’s how: ✅ Automatic Adaptation: Escape's Custom Rules adjust seamlessly to API changes, eliminating the need for manual updates and ensuring continuous protection. ✅ Enhanced Detection of Business Logic Flaws: Identify complex vulnerabilities, such as BOLAs and access control issues, that standard tools often overlook, through feedback-driven exploration. ✅ Ease of Use: Built on YAML syntax, these rules are straightforward to write for security engineers, developers, and site reliability engineers, unlike BChecks, which are more verbose and less structured. ✅ Scalability: Apply these adaptable tests across all your APIs, regardless of their number or complexity, ensuring consistent security standards. ✅ Seamless Integration: Deploy Custom Rules effortlessly, directly within your CI/CD pipelines. ✅ Strengthen Resilience: Escape Rules turn pentests and bug bounties into a scalable, automated defense, preventing recurring vulnerabilities. Unlike traditional tools like Burp Suite or Nuclei, which require constant maintenance to keep up with API changes, Escape's Custom Rules adapt automatically to every change in your attack surface, freeing the team from the burden of manual updates and allowing them to focus on innovation. Stop letting your security tools slow you down. Curious how to write custom security tests effortlessly? Watch our workshop to see Escape’s YAML-based Custom Rules in action 👉 https://lnkd.in/g2Gec_gk Escape empowers your team to focus on building while we handle the security 😉
-
Escape reposted this
How Lightspeed Commerce ensures full security compliance with Escape Compliance audits are no walk in the park, especially for a fast-growing company managing a high volume of APIs. For Lightspeed, a global leader in commerce solutions, the challenge was clear: 🌐 Complex GraphQL APIs powering core products. 🛠️ High standards to meet, including PCI DSS and GDPR compliance. 🚀 The need to secure dynamic queries and nested vulnerabilities in a business context. Their existing tools? Not built to handle GraphQL’s flexibility and complexity. That’s where Escape came in. With Escape, Lightspeed gained: ✅ Complete visibility into exposed applications, including external shadow APIs. ✅ Detailed reporting that ensured compliance with industry standards, so they could increase focus on API security. ✅ Automated security testing that identifies vulnerabilities unique to GraphQL, like introspection abuse and data exposure. ✅ Business-logic testing to maintain robust security across a broad product spectrum. The result? 🔍 Exceptional support with GraphQL APIs. 📜 Compliance simplified, including OWASP Top 10, WASC, and CWE standards. ⚙️ Developers fixing issues at 'light speed' with detailed code snippets provided. At Lightspeed, Escape wasn’t just another tool - it was a specialized solution designed to meet the challenges of modern GraphQL environments and comprehensive compliance requirements. Find out more about how we helped Lightspeed here 👉 https://lnkd.in/eRbZkQEn
-
Embedding security testing into CI/CD workflows is no longer optional, it’s essential. APIs are being updated faster than ever. But manual security testing? It often can’t keep up. This leads to: ⏳ Slower workflows ⛔ Delayed feedback for developers ❌ Missed vulnerabilities that could reach production With Escape, you can integrate security directly into your CI/CD pipeline and automate API security testing. How? Escape will: ✅ Detect vulnerabilities on every commit—so no issue slips through to production. ✅ Provide instant feedback to developers with clear, actionable insights. ✅ Scale effortlessly to match the speed of modern development workflows. ✅ Support APIs of all kinds, ensuring robust security coverage. You no longer have to choose between speed and safety. With CI/CD integration, you will get secure APIs, faster releases, and all with no disruption to your development process. Turn your DevOps into DevSecOps and get your developers on board with security by building it right into the pipeline. Want to see how it works? Get a personalized demo now 👉https://lnkd.in/e-ighN-5?
-
🔍 Tired of vague vulnerability reports slowing you and your developers down? We all know finding vulnerabilities is only half the battle. Fixing them efficiently is what you’re truly aiming for. The problem? ➡️ Generic reports frustrate developers and disrupt workflows. ➡️ Contextless "fixes" lack framework-specific details, slowing remediation. ➡️ This leaves vulnerabilities lingering far longer than they should. Modern development cycles are fast. Security needs to move just as quickly, and work with developers, not stand in their way. This is where custom remediations come in. 🔧 Escape has taken this a step further with remediations tailored for developers: ⚙️ Detailed remediation code snippets that fit your environment, not generic copy-paste fixes. 🔗 Seamless workflows: From vulnerability detection → ticket creation → prioritized fixes. 💡 Clear, actionable steps provided in context, which reduces friction. What’s the impact? ✅ Developers can immediately implement fixes with remediation code. ✅ Accelerated remediation cycles that close the gap between detection and remediation. ✅ Fixes are consistent and reliable across teams. ✅ Reduce remediation costs and increase revenue by accelerating the go-to-market of secure applications. ✅ Implement security at scale effortlessly. No more vague findings or endless back-and-forth between security and dev teams. Developers get clear, precise guidance in the tools they already use. 🚀 This is how you make your SDLC secure by design—efficient, automated, and developer-friendly. ⚡ Curious to see how it works? Get a personalized demo with our team to see how our custom remediations can reinvent your workflow 👉 https://lnkd.in/eJ7AFF8S?
-
Our final newsletter of the year is here! The year may be coming to a close but things certainly haven't been slowing down at Escape 📈 It's like Christmas has come early, because we have so much to share with you! 🎁 Monumental product updates 🎁 Countless pieces of content to catch up on 🎁 API quiz to test your security knowledge 🎁 and so much more! Read through the newsletter to ensure you don't miss out on anything we've had going on and we cannot wait to see you in the next edition in 2025 with so many more exciting developments.
-
New Kubernetes Integration is live 🎉 Escape now integrates with Kubernetes to help you discover APIs running in your clusters! Modern Kubernetes deployments often house countless APIs, making visibility and security a challenge. With this new integration, you can: ✅ Identify both documented and shadow APIs in your Kubernetes clusters ✅ Gain frequent visibility into exposed services ✅ Reduce associated operational risks and improve your API governance Not sure if your Kubernetes clusters have APIs or whether they're vulnerable? Now’s the perfect time to find out with a little help from Escape 👉 https://escape.tech/
-
Do you have what it takes to master our quiz? 💥 After unveiling our API Security Maze quiz at API Security Day in Paris, we overwhelmingly received requests to publish it and it is now out! Test your knowledge on all things API security and see how well you do 👀 26 questions, some straightforward and some more thought-provoking 🤔, we've included a wide range for you to see if you know your stuff. Try it out now! 👉 https://lnkd.in/gfTG82_2