Innovation Insight for API Protection
According to Gartner, “Web API traffic and attacks are growing in volume and severity. New approaches complement traditional web application security measures with specific API security functionality. Security and risk management leaders should identify when to seek this added protection.”
The Gartner report also makes the following recommendations. To protect their APIs, security and risk management leaders should:
- Start by discovering and categorizing your APIs. Perform threat modeling to identify the specific security mechanisms required to mitigate your risks.
- Assess the API protection provided by your current WAAP or gateway. If your risk mitigation requires additional API protection, investigate API security specialists that can provide an additional layer of protection.
- Address the security analysis workload that behavioral anomaly detection may generate by using either an internal security operations center (SOC) or a managed service.
- Perform an application security testing (AST) or penetration testing exercise to uncover business logic issues that may otherwise remain hidden.