May 11 2023
Apr 11 2023
There is a widespread and rapidly increasing reliance on APIs in applications and architectures today. Unfortunately, this rapid increase makes APIs an appealing target for bad actors.
To better understand why API security has become a priority, let’s start by looking at how the Open Web Application Security Project (OWASP) has approached it.
OWASP is a non-profit organization specializing in web application security. Their recommendations have become the gold standard for securing web applications and APIs. The OWASP Top 10 is a list of the ten most prevalent attack vectors, and security professionals and business owners alike should be acutely familiar with it.
StackPath can proudly boast that we protect against all the OWASP Top 10 attacks—and do so better than the competition, according to an independent study by SecureIQ Lab—making us a top choice for businesses looking to achieve that “gold standard.”
In recent years, OWASP has turned its attention to API security and published an OWASP API Top 10 list – a fitting choice considering that research shows that API attacks increased by a staggering 681% between 2021 and 2022.
Before businesses can start talking about API security, they first need to understand how their APIs are being used and, more importantly, what APIs are being used.
The newly launched API Discovery for StackPath WAF helps with precisely that.
API Discovery is a new feature offered by StackPath for our WAF Professional and WAF Enterprise customers that provides automatic and manual discovery for the cataloging of APIs. This invaluable service takes all the guesswork of API management out of the day-to-day responsibilities of development teams.
Think of it this way: web application owners at a large enterprise with teams of 30–50 developers likely have more API endpoints than they know. This leaves them vulnerable to attacks via those unknown, unmanaged endpoints. Through its automatic network traffic scanning capabilities, API Discovery will look at all requests coming into your application and intelligently flag those that appear to be API requests. Once identified, these potential APIs will appear in the appropriately named Potential API tab. From here, you can investigate each line item and decide whether or not it is an authorized API.
Once you have decided it is a legitimate, authorized API, you can move its status from Potential to Confirmed, and it will move to the API Baseline tab.
Baselined APIs can be added to groups and tagged with StackPath’s out-of-the-box tags or custom tags for more advanced analytics and API path editing.
Simply put, API Discovery for StackPath WAF will become your one-stop shop for API identification and management, making it a crucial first step towards adopting API security.
To learn more about API Discovery, including how our manual and automatic discovery methods work, check out this knowledge article.
Upgrade to WAF Professional or WAF Enterprise today to start using API Discovery by contacting SP// sales.