Secful (YC W16) Prevents API Attacks Automatically and in Real-Time

by Y Combinator3/21/2016

In recent years, it’s become clear that APIs are very vulnerable to security
breaches. Facebook, Snapchat, Marriott, Delmarva Power, TurboTax, and
Twitter are just a small portion of the growing list of companies that
have been breached through their API. Research indicates that 84% of all
cyber-attacks are happening at the application layer, rendering
companies’ existing network security protections insufficient.

Secful is a company launching out of our Winter 2016 class that prevents API attacks, automatically and hands-free. Secful
secures enterprises’ APIs by detecting and profiling
attackers in real-time and creating custom-tailored protection against them.

Every attack begins with the same phase:
Reconnaissance. During this time, an attacker understands how the API
should be used. Afterwards, the attacker actively researchers a
company’s endpoints for vulnerabilities. Usually these trial-and-error
attempts go unnoticed until a breach actually occurs. Until now.

tracks all of the attacker’s activity from the very beginning, and
creates a profile that contains an up-to-the-minute attack timeline,
along with essential information to prevent the attack. Most
importantly, Secful highlights the most dangerous potential attacks so
that companies can handle them first.

Find out more about Secful and request a demo at, and check out the video below.


YC News


  • Y Combinator

    Y Combinator created a new model for funding early stage startups. Twice a year we invest a small amount of money ($150k) in a large number of startups (recently 200). The startups move to Silicon