Skip to content

Escape + Wiz: Unified Cloud Security, Application Discovery and DAST for Modern Applications

Overview of the Integration

wiz-banner.png

Security can’t work in silos. Now more than ever, companies must embrace a holistic approach to security that spans all aspects of modern technology stacks. As cloud adoption accelerates and application environments grow more complex, understanding what’s exposed—and mitigating risks—across the full spectrum, from code to the cloud, has become essential.

Vendors, too, have a responsibility to deliver integrated solutions that bring joint value to both security and development teams.

Escape and Wiz bring together two unique strengths: Wiz excels at identifying Cloud infrastructure vulnerabilities, while Escape dives deep into the application layer to uncover risks like API exposures, sensitive data leaks, and business logic flaws. By joining forces, we’re bridging critical gaps and empowering security and development teams to work smarter, faster, and build more secure applications.

To ensure continuous security improvement, engineering and security teams must collaborate seamlessly to build secure applications deployed in the Cloud. As modern applications evolve, the boundaries between application code and Cloud infrastructure grow increasingly blurred, requiring an integrated approach to protect them effectively.

Escape brings deep application-layer expertise, using proprietary algorithms to secure modern architectures such as APIs, microservices, and SPAs from the development phase onward. Wiz, on the other hand, has redefined cloud security with its comprehensive Code-to-Cloud vision, encompassing Wiz Code, Wiz Cloud, and Wiz Defend. Together, these two platforms create a powerful partnership.

By bringing together Escape and Wiz, we aim to provide customers with a richer, more actionable perspective on their external attack surface. Instead of just knowing what is exposed to the Internet, customers can now understand what happens at the application layer, deeper than the network layer, learn about data overexposure, and streamline prioritization and remediation of CWE findings as part of the security Graph.

How it works

wiz-schema.png Escape’s Integration with Wiz, from EASM to DAST & ASM Vulnerability Enrichment

  1. Wiz External Attack Surface Management finds exposed cloud resources and hands them over to Escape.
  2. Escape Inventory then identifies, fingerprints, and classifies these resources as specific application assets—such as APIs, Single-Page Applications (SPAs), and more.
  3. With this enriched information, Escape Agentless Security Testing runs at scale on the applicative assets, including APIs, without needing any network interception or agent installation.
  4. Coming Soon: Finally, all the vulnerabilities, exposed secrets, findings and remediations are fed back into the Wiz Security Graph using DAST & ASM Vulnerability Findings enrichment, merging both infrastructure and application-level insights into a single, unified view.

Integration Benefits

For many large organizations, the hard part isn’t just running a scan; it’s figuring out who actually owns each piece of exposed infrastructure or application. With hundreds (if not thousands) of APIs, SPAs, microservices, and backend systems floating around, the process of mapping resources to the right teams and stakeholders can drag on for months—or even years. Traditional tools can flag a vulnerability in a heartbeat, but if no one knows who’s responsible, you’re stuck in endless spreadsheets and stakeholder chasing.

This is where the Escape + Wiz integration changes the game. Security teams already using Wiz have invested significant effort in mapping their cloud resources to owners. Now, when Escape discovers new APIs or SPAs, we instantly correlate those findings with the existing ownership data in Wiz. That means every newly exposed endpoint, secret, or vulnerability (CWE) identified by Escape automatically inherits the same ownership mapping Wiz already has on file.

Why is that so unique and useful?

  1. Immediate Assignment: The moment Escape flags a security issue, you know exactly which team needs to address it. No more guesswork, no more rummaging through outdated confluence pages or domain registries.
  2. One Unified View: All vulnerabilities and CWEs—from exposed S3 buckets to API logic flaws—flow into a single interface. This “single pane of glass” eliminates information silos and drastically reduces the likelihood of serious issues slipping through the cracks.
  3. Acceleration of Remediation: When ownership data is at your fingertips, the gap between detection and remediation shrinks from weeks or months to days or even hours. It’s not just about finding vulnerabilities; it’s about fixing them fast.
  4. Practical Code-to-Cloud Security: Large organizations often struggle to bridge application-level exposures with cloud infrastructure insights. Now, they can see both in one place, track them back to the same responsible teams, and reduce friction between dev, ops, and security.
  5. Reduced Operational Overhead: Security Engineers spend less time “hunting” for who owns what. Instead, they can devote their energy to actually securing the organization. That leads to more strategic work, less administrative burden, and a meaningful drop in burnout.

In short, this integration addresses one of the biggest pain points in enterprise security. Instead of letting ownership mapping remain an endless project management slog, Escape + Wiz transforms it into an automated, real-time process. Security and development teams can now focus on what truly matters: closing the gaps before attackers exploit them. And that’s a genuine revolution in how modern organizations manage risk.

wiz-screenshot.png

Connecting Escape and Wiz

Escape requires the following credentials to connect to your Wiz account:

  • Client ID
  • Client Secret
  • Token URL
  • API Endpoint URL

Getting your API Endpoint URL:

  1. Navigate to your user profile
  2. Copy the API Endpoint URL

Getting your Client ID and secret:

  1. Navigate to Settings > Service Accounts in the Wiz dashboard
  2. Click Add Service Account
  3. Configure the account:
    • Name: Escape Integration
    • Optional: Narrow scope to specific projects
  4. Select the following permissions:
    • read:resources
    • read:network_exposure
    • read:projects
    • create:external_data_ingestion (for External Enrichment)
    • read:system_activities (for External Enrichment)
  5. Click Add Service Account
  6. Copy the Client Secret immediately - it cannot be viewed again
  7. Copy the Client ID from the Service Accounts page