API Security

What is API security?

  • API security focuses on the strategies and solutions used to understand and mitigate the vulnerabilities and security risks of APIs.

  • APIs have become a target for attackers because of the application logic and sensitive data they expose.

Three common types of mismanaged API

  • Shadow APIs - developed for testing purposes and never formally tracked

  • Deprecated APIs - outdated functionality that is no longer recommended for consumption; easily forgotten and most likely unmaintained

  • Unauthenticated APIs - the result of rushed releases or a misunderstanding of who is responsible for securing them
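All three categories can be surfaced from the same two inputs: an endpoint inventory and gateway access logs. The following is an added example (not from the original notes or from crAPI); the inventory, log format and `auth=yes/no` field are assumed and constructed here for illustration.

```python
import re

# Constructed inventory (assumed, not from the page): normalized path -> expected properties.
# "auth": the endpoint is supposed to require a credential; "deprecated": retired but not removed.
INVENTORY = {
    "/api/v2/users": {"auth": True, "deprecated": False},
    "/api/v2/users/{id}": {"auth": True, "deprecated": False},
    "/api/v1/users": {"auth": True, "deprecated": True},
    "/api/v2/health": {"auth": False, "deprecated": False},
}

# Constructed gateway access-log lines: METHOD PATH STATUS auth=<credential present?>
SAMPLE_LOG = """\
GET /api/v2/users 200 auth=yes
GET /api/v1/users 200 auth=yes
GET /api/v2/users 200 auth=no
GET /api/v2/users 401 auth=no
GET /api/v2/health 200 auth=no
POST /api/test/reset-db 200 auth=no
GET /api/v2/users/42 200 auth=yes
"""

LINE_RE = re.compile(r"^(\w+) (\S+) (\d{3}) auth=(yes|no)$")

def normalize(path):
    """Replace purely numeric path segments with {id} so instances map onto inventory entries."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))

def classify_traffic(log_text, inventory=INVENTORY):
    """Return sets of 'METHOD path' keys for each mismanaged-API category seen in the log."""
    findings = {"shadow": set(), "deprecated": set(), "unauthenticated": set()}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole report
        method, path, status, auth = m.groups()
        norm = normalize(path)
        key = f"{method} {norm}"
        entry = inventory.get(norm)
        if entry is None:
            findings["shadow"].add(key)            # live endpoint nobody inventoried
            continue
        if entry["deprecated"]:
            findings["deprecated"].add(key)        # retired endpoint still serving callers
        if entry["auth"] and auth == "no" and status.startswith("2"):
            findings["unauthenticated"].add(key)   # success returned without a credential
    return findings

if __name__ == "__main__":
    for category, keys in classify_traffic(SAMPLE_LOG).items():
        print(category, sorted(keys))
```

A 401 without a credential is the expected behaviour and is not flagged; only a 2xx served to an unauthenticated caller on an endpoint that should require auth counts.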

OWASP API Top Ten

  • Refer to crAPI for a few examples.

  • It is best practice never to leave any sensitive data or operational details exposed in APIs.

crAPI

crAPI Structure

  • Refer to KSS slides for more info.