IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Industry-first comprehensive risk-based API security enhances protection
Wed, 22nd Jun 2022
FYI, this story is more than a year old

Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.

APIs have benefits like allowing an application's clients to interact with its server or affording two applications the means to interact with each other, such as in the case of machine-to-machine communication.

But these benefits are also a problem, as APIs are generally publicly available, and well documented, and reverse-engineering them is straightforward, which is precisely how they've become the primary attack surface that hackers set their sights on.

As businesses increase their reliance on APIs, the need for API security is only going to grow as well.

The key to ensuring robust API security is putting in place strategies and procedures to manage vulnerabilities and security threats to the API.

While at its core, it centres around three broad security areas (application security, network security, and information security), it also factors in security issues such as validating content, controlling access, limiting rates, monitoring and analytics, throttling, data security and identity-based security.

API security is all the more important because APIs can be used to transfer sensitive data.

Securing these platforms guarantees that messages remain confidential by only making them available to applications, users, and servers with proper permissions to access them.

It also ensures the integrity of the content by preventing the message from having any opportunity to be altered after it has been transmitted.

In response to the growing demand for a solution, Indusface has released a new offering through the AppTrana platform, API Protection, which is a game-changer for the way organisations protect their most critical infrastructure.

Changing the way businesses protect vital assets

AppTrana's API Protection is focused on two key areas: risk-based fully managed security and making this security -unique to API protection.

AppTrana's approach and dedication to ensuring businesses can have straightforward protection have earned it significant praise in the industry, with Gartner ranking it as a customers' choice in every segment of its Voice of the Customer report for 2022.

The API Protection module builds on everything Indusface stands for with its AppTrana offering, providing customers with exactly what they need to proactively prevent cyber attacks and keep their businesses running smoothly.

This includes ways to easily understand the risk posture of their APIs, API-specific rules created to explicitly protect against OWASP Top 10 API vulnerabilities, and protection based on behaviour to defend against DDoS attacks and BOT attacks.

In addition, AppTrana's latest offering will analyse swagger (OpenAPI 2.0) files and give customers positive security for APIs by creating automated positive security policies as well as offer visibility into API traffic patterns and enable customers to discover shadow APIs.

Taking it a step further, API Protection will also accurately give users a real-time view of the vulnerabilities blocked by API-specific rules, positive security policies, custom rules and rules that need fixes in the application.

What makes AppTrana's risk-based approach for APIs is that it uses postman files.

Users can test a range of security checks on web applications, but APIs require a more complex solution.

Indusface has designed API Protection around postman files so that AppTrana can understand which APIs a customer needs scanning and details including parameters, values, common, dynamic values used in more than one API (postman variables), the sequence that the APIs should be called in and the dependencies between APIs.

Because postman files are a common way of testing APIs in the development cycle, they usually contain all the required information.

AppTrana adds to this by looking at the postman files before it begins the scan and adding any further insights that will help its scanner generate more valuable results.

At the end of a scan, the team then manually verifies the results to ensure there are no false positives and publishes the data for the customer.

Learn more about API Protection and how it can save your business from hassle and hacks here.