“We selected the name ‘Pynt’ for its brevity, memorability, and its embodiment of our affinity for developers and a good beer,” explained Tzvika Shneider, co-founder and CEO of Pynt when asked about the company’s name. “As we like to say, ‘A Pynt a day keeps your CISO away…'”
Pynt’s mission is to assist developers and security professionals in simplifying and automating API security testing. The Tel Aviv-based company recently announced that it has successfully secured a $6 million seed funding round, led by early-stage fund Joule Ventures, with participation from Dallas VC and Honeystone VC.
The company’s co-founders include CTO Ori Goldberg, CSO Golan Yosef, and CPO Ofer Hakimi, who together previously developed Harman’s automotive cybersecurity solution.
Given the scarcity of cybersecurity professionals, Pynt aims to automate the process of API security testing by integrating with tools such as Postman and Newman, which are already widely used for testing internal and external APIs. Notably, Abhinav Asthana, CEO and co-founder of Postman, is an angel investor in Pynt.
Pynt’s users can access the service through the Postman app or as a Newman command line wrapper. The service takes a team’s existing functional tests and constructs security tests around them by default. It can detect common OWASP vulnerabilities, including issues like user data exposure to unauthorized users, SQL injections, local file access, and ignored authentication tokens.
Tzvika Shneider commented on the importance of API security, saying, “API security is a paramount concern for security professionals and business stakeholders alike. Opening up an API to your application and data is akin to unlocking the doors to your fortress. These doors should be designed to be secure, and they should be vigilantly guarded by both the ‘door makers’ and ‘guards.'”
Moreover, Pynt’s comprehensive awareness of all the APIs used and exposed by a company provides teams with enhanced visibility into their overall security status. Shneider emphasized that Pynt not only identifies vulnerabilities early on but also equips teams to proactively address them throughout the API development process.
Shneider added, “It’s all about securing your APIs while providing you with the tools and support needed to confidently manage your security journey, right from the heart of development.”
Numerous Fortune 500 companies have already adopted Pynt’s service, and the 10-person company intends to utilize the new funding to further enhance its “self-serve platform that magically identifies and automatically resolves security issues.”
Many of Pynt’s core features are available in its free community edition, with additional features, such as the API catalog, single sign-on support, and API gateway integrations, offered as part of its paid enterprise plan.
Brian Rosenzweig, founding partner at Joule Ventures, praised Pynt’s innovative approach to pre-production API security, stating, “Pynt’s unique approach to securing APIs pre-production is the next logical step for the growing number of enterprises looking to embrace ‘shift left’ best practices. This Pynt team has an exceptional combination of experience, technical acumen, and vision and is poised to make a significant impact in the API Security market.”
