Skip to content

Escape + Wiz: Unified Cloud Security, Application Discovery, ASM, DAST, and AI Pentesting for Modern Applications

Escape and Wiz help customers understand the full context, assign clear ownership, and empower security and development teams to work smarter, faster, and more confidently to integrate security into applications early in the development lifecycle.

Overview of the Integration

Escape and Wiz integration

As cloud adoption accelerates and application environments grow more complex, understanding what's exposed—and mitigating risks—across the full spectrum, from code to the cloud, has become essential. Escape and Wiz bring together two unique strengths: Wiz excels at identifying cloud infrastructure vulnerabilities, while Escape focuses on the application layer through ASM, DAST, and AI Pentesting to uncover risks such as API exposures, sensitive data leaks, and business logic flaws. Together, Escape and Wiz help customers understand the full context, assign clear ownership, and empower security and development teams to work smarter, faster, and more confidently to integrate security into applications early in the development lifecycle.

Integration Benefits:

  1. Practical Code-to-Cloud Security: Large organizations often struggle to bridge application-level exposures with cloud infrastructure insights. Now, they can correlate both from Escape & Wiz, track them back to the same responsible teams, and reduce friction between dev, ops, and security.
  2. Immediate Assignment: As soon as Escape finds a security issue through ASM, DAST, or AI Pentesting, it becomes a Wiz issue on the associated Wiz application, and you know exactly which team needs to address it. No more guesswork, no more rummaging through outdated confluence pages or domain registries.
  3. Reduced Operational Overhead: Security Engineers spend less time "hunting" for who owns what and how to prioritize your API and Web App risks. Instead, they can devote their energy to actually securing the organization.
  4. Acceleration of Remediation: When ownership data is at your fingertips, the gap between detection and remediation shrinks from weeks or months to days or even hours. This empowers you to confidently integrate security into applications early in the development lifecycle.
  5. One Unified View: From exposed network services to API logic flaws, all vulnerabilities and CWEs flow into a single Wiz interface. This "single pane of glass" eliminates information silos and drastically reduces the likelihood of serious issues slipping through the cracks.

Discovered Resources

The Wiz integration automatically discovers the following resources from your Wiz account:

  • Network Exposures: External attack surface resources identified by Wiz's cloud security platform
  • Cloud Resources: Infrastructure resources (APIs, web applications, services) exposed to the internet

The integration imports network exposure data from Wiz, identifies exposed APIs and web applications, and automatically classifies them as Assets in Escape's ASM. This enables bi-directional enrichment where Escape findings from ASM, DAST, and AI Pentesting are fed back into Wiz with full context and remediation guidance.

Default Asset Status

Assets imported from Wiz are automatically set to out-of-scope status by default, preventing external assets discovered by Wiz from being unintentionally added to your active ASM scope. You can manually update the status of individual assets in Escape's ASM after import.

How it works

Escape and Wiz integration workflow: detect, enrich, route, resolve Escape's integration with Wiz, from EASM to ASM, DAST, and AI Pentesting vulnerability enrichment.

  1. Wiz External Attack Surface Management finds exposed cloud resources and hands them over to Escape.
  2. Escape ASM then identifies, fingerprints, and classifies these resources as specific Assets—such as APIs, Single-Page Applications (SPAs), and more.
  3. With this enriched information, Escape runs ASM, DAST, and AI Pentesting at scale on the Assets, including APIs, without needing any network interception or agent installation.
  4. Finally, all the vulnerabilities, exposed secrets, findings and remediations are fed back into the Wiz Security Graph, merging both infrastructure and application-level insights into a single, unified view.

Better together

With the number and complexity of modern cloud-native applications increasing, securing them has become critical for organizations. Escape's integration with Wiz provides a unified solution for the security of modern cloud-native applications from code to cloud.

Escape ingests network exposure data from Wiz, then runs ASM discovery, large-scale DAST, and AI Pentesting to uncover business logic vulnerabilities, API misconfigurations, and sensitive data leaks. Each newly identified security finding and corresponding remediation are fed back into the Wiz, merging both infrastructure and application-level insights into a single, unified view. By consolidating findings into one seamless workflow, organizations gain end-to-end visibility across all environments, prioritize threats with full cloud context, and enhance security—without slowing development speed.

Use case overview

Secure cloud-native APIs, SPAs, and microservices, even at the business logic level. Organizations with large or rapidly scaling technology stacks need a solution that not only identifies but also helps resolve threats without compromising development speed.

Challenge

Modern applications are becoming increasingly complex and are often prime targets for attackers. With hundreds (or even thousands) of APIs and SPAs, finding business logic vulnerabilities and mapping resources to the right stakeholders for remediation can be time-consuming. Security teams often struggle to connect application-level vulnerability findings with cloud infrastructure insights, spending valuable time figuring out ownership and how to prioritize API and web app risks.

Solution

Escape's integration with Wiz empowers organizations to secure modern applications by combining Escape's ASM, DAST, and AI Pentesting with Wiz's agentless ASM, misconfiguration detection, and dynamic exposure scanning. Using previously ingested and enriched Wiz resources, Escape identifies business logic vulnerabilities, API misconfigurations, and sensitive data leaks, then feeds these findings—including CWE classifications and remediations—directly into Wiz. This integration enriches security teams with valuable context and ownership data, enabling them to prioritize and remediate vulnerabilities more effectively. With this unified solution, organizations can detect risks quickly, gain clear ownership insights, and confidently embed security early in the development lifecycle.

wiz-screenshot.png Escape Vulnerability Finding with Remediation imported into Wiz

Setup the Integration

wiz-setup-3.png

You can connect Escape directly from the Wiz dashboard. For setup instructions, follow Wiz's documentation on the Wiz-Escape integration.

After creating the integration on app.wiz.io, Wiz provides these credentials: Client ID, Client Secret, API Endpoint URL, and Authenticate API. Copy them and paste them into Escape's Wiz integration creation form.

Dual-Binding Integration with ASM, DAST, and AI Pentesting Vulnerability Findings External Enrichment

Pushing Escape's Results directly into Wiz is available using Escape's Workflows. To enable this integration, you need to create a new Workflow and choose your Wiz integration as the destination.

wiz-workflow.png Example of an Escape Workflow to push findings into Wiz

Severity Mapping

The severity mapping between Escape and Wiz follows a 1-1 correspondence: Critical severity findings in Escape are marked as Critical in Wiz, High severity findings in Escape are marked as High in Wiz, Medium severity findings in Escape are marked as Medium in Wiz, Low severity findings in Escape are marked as Low in Wiz, and Info severity findings in Escape are marked as None in Wiz.

How the Linking Works

How do the linking between Escape findings and Wiz resources work?

  • Extracting Data: Escape extracts external exposures that include application endpoints.
  • Matching Subdomains: The subdomains found in these application endpoints are matched against the API services in Escape ASM.
  • API Discovery: Escape also searches for any APIs that do not yet exist in Escape ASM.
  • Linking to Wiz: Findings are matched to Wiz assets by endpoint (host, port, protocol) and pushed to Wiz through an Escape Workflow bound to your Wiz integration.
  • Batching Uploads: Exports are batched and synced on a daily schedule. Wiz expects a full snapshot of open issues per asset on each upload.

Using Wiz in Workflows

Wiz can be used as an export action in workflows to automatically export resources to Wiz when workflow conditions are met.

Configuration

When creating or editing a workflow:

  1. Go to WorkflowsCreate (or edit an existing workflow)
  2. In the Actions step, add an Export action
  3. Select Wiz as the integration type
  4. Select your Wiz integration from the dropdown
  5. Configure the following:

Minimum Severity

  • Minimum Severity: Select the minimum severity level of issues to export to Wiz. Only issues with this severity level or higher will be exported.

wiz-workflow-form

Resource Export

Resources that triggered the workflow will be exported to Wiz using the selected integration. This enriches the Wiz Security Graph with data from Escape scans.

Usage

Exporting Resources to Wiz

Once a workflow with a Wiz export action is configured, Escape syncs open findings to Wiz on a daily schedule (not on every workflow trigger). This data enriches the Wiz Security Graph, providing additional context about your API security posture.

The exported data includes:

  • Issue details (severity, category, context)
  • Asset information
  • Scan metadata
  • Remediation guidance

This integration allows you to centralize security findings from Escape in your Wiz Security Graph for comprehensive security visibility.

Please note that due to the lifecycle of external issues at Wiz and Escape, issues may take up to two days to update in Wiz interface.