API Security Assessment
Automatically discover all your APIs and exposed sensitive data, pinpoint and block attackers, test your APIs during the build phase, and provide remediation insights from runtime learnings to harden APIs.
Why do I need an API Security Assessment?
APIs are at the heart of today’s modern applications, helping organisations connect with customers and partners, drive revenue, and innovate with digital transformation initiatives.
APIs have also become the top application target for attackers, as countless high-profile breaches show. Gartner predicts that “By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.” Traditional solutions including WAFs and API Gateways cannot protect your APIs against today’s attacks.
You can’t control what you can’t see – especially for APIs. DevOps and agile development mean new features and applications deploy all the time, increasing the number of APIs in production and how often those APIs change.
Our platform uses cloud-scale big data and AI/ML algorithms to automatically discover all your APIs and exposed sensitive data, pinpoint and block attackers, test your APIs during the build phase, and provide remediation insights from runtime learnings to harden APIs.
The Assessment
The API Security Assessment will let you answer:
How many APIs do you have?
Which APIs expose sensitive data?
Are bad actors targeting your APIs?
What’s included?
A detailed inventory of discovered APIs, endpoints, parameters and sensitive data
Actionable security insights (e.g., sensitive data exposed in URLs, JWTs without expiration)
API Design Analysis to identify APIs not adhering to security best practices
API Drift Analysis to identify gaps between API documentation and running APIs, including undocumented APIs, endpoints, and parameters
What do I need to do?
Determine 1 or 2 crown-jewel applications where you would like to run the assessment
Deploy one of our many data collection options in a production or pre-production environment
(Optional) Deploy a Hybrid Server for local processing of sensitive data
Adjust the firewall to allow outbound communications to our SaaS cloud
How long does it take?
0.5 business day - scoping, planning, implementation
2-3 business days - data discovery and analysis, report generation
What do I get?
Access to a live Dashboard to view discovered APIs and security posture insights
API Security Assessment Report