Insecure implementation of API can risk your data, customers and reputation

February 23, 2020 10:50 am

APIs, or Application Programming Interfaces, are critical to innovation and driving business today. They give your users, customers and partners rich, seamless yet simple data sharing and operational experiences.
But because of their exposed nature, APIs can also open your business and data up to countless threats. And as businesses continue to add new API connections, the problem expands. The damage potential to reputation, customers and data is enough to make the whole SOC staff cringe (yes – from CISO all the way to the Sec-admins and DevSecOps). I also wrote a mini-whitepaper about this threat and how to address it.
Anyway – API gateways solve the API management problem, acting as a single point for API lifecycle and policy management as well as an access interface, but API cyber security is a completely different ballgame.
To understand why this is the case, let’s simplify with an analogy. Consider an air traffic control system: it knows where each plane is allowed to land, which countries’ airspace it can cross, what altitudes it’s supposed to fly at, how often it flies, how many passengers are on board, the routes for each specific airline, and almost any other parameter that has to do with air traffic, routes, and airplanes.
But what an air traffic control system *cannot* know is which passenger intends to hijack the plane, smuggle dope, or is carrying the coronavirus.
Similarly, an API gateway can direct API traffic to its ‘landing’ point, but it cannot tell which request contains a zero-day SQL-injection or was sent by a malicious bot, thereby allowing dangerous threats to enter and be the undoing of all your efforts.
That’s why a different type of solution is emerging: an AI-based inline solution that actively secures API communications in real time while autonomously ‘learning’ and adapting to the ever-changing API traffic and content. That’s a new generation of API protection that is based on an advanced unsupervised-learning engine.
You can read more about this type of solution here.