Security Access Setup

Like teaching a security guard your secret handshakes – an interface for users to show Akto their security checkpoints and give it a VIP pass, so it can do better testing and catch sneaky vulnerabilities.

Project Timeline

2 Days

Tools

Figma & Notion

My Role

Founding Product Designer

Overview

Akto solves two big problems for security teams: helping them build an inventory of their APIs and automating their testing. When Akto understands what kind of authentication mechanism a company uses and gets higher authority access (like admin), it can find more vulnerabilities in their application. Think of it like a security guard who needs to know both how to check different types of IDs and have a master key to properly inspect all areas.

For example, a single API request from a company might carry several types of auth at once. The example shown uses an Authorization header for user identity, an X-API-Key header for service access, and a Cookie header for session tracking.

Or sometimes it's as simple as using just cookies - like "JSESSIONID" here - to validate who's making the request.

Problem Statement

At Akto, we realized that users get the most value when they find vulnerabilities as soon as possible in their journey. For this, identifying the authentication type and testing role early expands our testing scope and helps users reach their "aha moment" faster.

Challenges

Authentication in modern organizations is complex. Each team might use different mechanisms - from simple API keys to complex OAuth flows. Just like how every building in a city might have different security systems - some use key cards, others use biometrics, and some use both. We faced two key challenges:

  1. No standardization exists across organizations for authentication. Our solution needed flexibility to handle this complexity while keeping the configuration process simple.

  2. Security teams often lack complete visibility into auth mechanisms across all their services. Asking for manual configuration upfront would create a significant barrier to entry.

Research & Discovery

User Insights 👥

Through user interviews, I discovered that security engineers rarely have a comprehensive view of authentication mechanisms across their services. Making them configure everything manually before seeing value from Akto would likely lead to drop-offs.

Technical Feasibility 🛠️

Working with our development team, we explored ways to minimize user input while maintaining effectiveness. This led to a key insight: we could analyze API traffic to suggest likely authentication types.

The Solution

  1. Automatically detects and suggests authentication types based on API traffic analysis

  2. Presents suggested configurations in an easy-to-review format

  3. Allows quick modifications if the suggestions need adjustment

  4. Provides a simple interface for adding custom authentication types & configuring test roles.
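To make the traffic-analysis idea concrete, here is an added Python example (not Akto's code) of the detection and suggestion steps above: it classifies each captured request by the header types the case study mentions (Authorization, X-API-Key, session cookies such as JSESSIONID) and, per endpoint, suggests only mechanisms seen in at least half the samples so the user reviews a short list instead of configuring everything. The sample traffic, the session-cookie name list and the 50% threshold are constructed assumptions.

```python
from collections import Counter, defaultdict
from http.cookies import SimpleCookie

# Cookie names commonly used for server-side sessions (a convention, not a standard).
SESSION_COOKIE_NAMES = {"jsessionid", "sessionid", "phpsessid", "connect.sid"}

def classify_request(headers):
    """Return the set of auth mechanisms one captured request appears to use."""
    found = set()
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    auth = lowered.get("authorization", "")
    scheme = auth.split(" ", 1)[0].lower() if auth else ""
    if scheme == "bearer":
        found.add("Authorization: Bearer token")
    elif scheme == "basic":
        found.add("Authorization: Basic")
    elif scheme:
        found.add(f"Authorization: {scheme}")
    if "x-api-key" in lowered:
        found.add("X-API-Key header")
    if "cookie" in lowered:
        jar = SimpleCookie()
        jar.load(lowered["cookie"])
        if any(name.lower() in SESSION_COOKIE_NAMES for name in jar):
            found.add("Session cookie")
    return found

def suggest_auth_types(samples, min_share=0.5):
    """Per endpoint, suggest mechanisms present in at least min_share of sampled requests."""
    seen, totals = defaultdict(Counter), Counter()
    for endpoint, headers in samples:
        totals[endpoint] += 1
        for mech in classify_request(headers):
            seen[endpoint][mech] += 1
    return {ep: sorted(m for m, n in seen[ep].items() if n / totals[ep] >= min_share)
            for ep in totals}

# Constructed sample traffic using the header types named in the case study.
SAMPLE_TRAFFIC = [
    ("GET /api/orders", {"Authorization": "Bearer example-token-1", "Cookie": "JSESSIONID=abc123"}),
    ("GET /api/orders", {"Authorization": "Bearer example-token-2", "Cookie": "JSESSIONID=def456"}),
    ("POST /internal/report", {"X-API-Key": "svc-key-example"}),
    ("POST /internal/report", {"X-API-Key": "svc-key-example", "Cookie": "theme=dark"}),
    ("GET /health", {}),
]

if __name__ == "__main__":
    for endpoint, mechanisms in suggest_auth_types(SAMPLE_TRAFFIC).items():
        # Endpoints with nothing detected are the ones the UI should flag for manual review.
        print(endpoint, "->", mechanisms or ["none detected: review manually"])
```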

This approach solved both key challenges:

  • Users get immediate value through automatic detection

  • The interface remains flexible enough to handle complex authentication scenarios