"We chose 'Pynt' because it's short, memorable and reflects our love for developers and a good beer," Pynt co-founder and CEO Tzvika Shneider told me when I asked him about how the company got its name. "As we say: 'A Pynt a day keeps your CISO away…'"
Pynt hopes to do this by helping developers and security professionals more easily -- and automatically -- test their API security. The Tel Aviv-based company today announced that it has raised a $6 million seed funding round led by early-stage fund Joule Ventures, with participation from Dallas VC and Honeystone VC.
In addition to Shneider, the company's co-founders include CTO Ori Goldberg, CSO Golan Yosef and CPO Ofer Hakimi. Together, this same team previously built Harman's automotive cybersecurity solution.
With cybersecurity professionals in short supply, Pynt aims to automate API security testing by integrating with tools like Postman and Newman, which many teams already use to test their internal and external APIs today. Indeed, Postman CEO and co-founder Abhinav Asthana is an angel investor in Pynt.
Pynt's users can access the service from the Postman app or as a Newman command line wrapper. The service can take a team's existing functional tests and then build its security tests around that. By default, it can test for the most common OWASP vulnerabilities, covering common issues like user data leakage to other users, SQL injections, local file access and ignored authentication tokens, for example.
"API security is top of mind for security professionals and business stakeholders alike, and for good reason. Putting up an API to your application and data is like opening up doors to your castle. These doors should be both secure by design and well-guarded with the ‘door makers’ and ‘guards’ sharing the responsibility,” said Shneider.
Image Credits: Pynt
He also noted that since Pynt is aware of all the APIs that a company is using and exposing, it can also provide teams with more visibility into their overall security posture. "With Pynt, you're not only identifying vulnerabilities early on but also equipped to proactively handle them throughout your API's journey," he said. "It's all about securing your APIs while giving you the tools and support to confidently manage your security journey, right from the heart of development."
A number of Fortune 500 companies are already using Pynt's service and the 10-person company plans to use the new funding to, as Shneider put it, continue its work "on a self-serve platform that 'magically' finds the security issues and fixes them automatically."
Many of Pynt's core features are available as part of the company's free community edition, with additional features like the API catalog, single sign-on support and API gateway integrations as part of its paid enterprise plan.
"Pynt's unique approach to securing APIs pre-production is the next logical step for the growing number of enterprises looking to embrace 'shift left' best practices, said Brian Rosenzweig, founding partner at Joule Ventures. "This Pynt team has an exceptional combination of experience, technical acumen and vision and is poised to make a significant dent in the API Security market."