2020 is moving into the final quarter and it appears to be the year of the API security incident with MGM, Starbucks, Data Viper and Docker as just a few examples of API security incidents. The reasons are obvious – API use has exploded for both developers and bad actors. The same developer benefits of speed and flexibility are leveraged to execute an attack resulting in fraud and data loss.
In many cases, the root cause of the incident is human error. Verbose error messages, access control and authentication improperly configured. The list goes on. But why? Inexperience? Moving too quickly? Not adhering to a specification? Not trained in secure coding practices? No peer review or security review? The answer is a little bit of all of the above, as highlighted by a new API Security Best Practices Research Report published by Joe Krull from the Aite Group. The report validates security gaps in protecting APIs and makes recommendations that will benefit any organization moving towards an API centric development methodology.
Establishing and Adhering to API Security Best Practices
It’s well known that maintaining compliance or adhering to best practices is best achieved using a combination of documented recommendations (like those outlined in the report) combined with training, and technology. The technology component is where we can help. We have been protecting APIs from automated attacks for nearly 5 years now, and on a daily basis we are securing nearly half a billion APIs.
Our newest product, API Sentinel extends our API security expertise by integrating with existing API management infrastructure to discover all public-facing APIs, including those published in the shadows. It then performs a runtime analysis of your API risk and assesses their specification conformance. In short, API Sentinel can help your organization rein in your API footprint and reduce the security exposure by finding errors before they are published, or discovered. We’ve summarized the report’s seven API security core competencies below and how API Sentinel might be used to maintain adherence to the findings.
The guidance found in the report is a great start for anyone moving towards a more API-centric development methodology. API Sentinel adds a technology layer that will help you monitor, track and enforce the best practices defined. It’s a win-win scenario. Don’t take our word for it – try API Sentinel with our 30-day free trial.