How Risky are Your APIs?


The emergence of the Application Economy, where the application becomes the primary point of contact between the business and the customer, is made possible through the use of Application Programming Interfaces (APIs) to link front-end applications to back-end information systems. But many of the security threats that plague the web can be even more of a problem for APIs. This presentation explains the potential risks of APIs and highlights the three most common forms of attack.

This SlideShare is based on a recent eBooklet published by Scott Morrison of CA, "Five Simple Strategies for Securing Your APIs" (http://bit.ly/1rjEhBd), which goes into much greater detail on the threats and lays out five simple steps that organizations should be taking today to reduce their risk.


Transcript

  • 1. How Risky Are Your APIs?
  • 2. Application Programming Interface (API) use is exploding! • 12,000 public APIs and growing • Companies are discovering how powerful APIs can be for integrating applications, especially in mobile apps. • http://www.programmableweb.com/
  • 3. APIs are everywhere • It is APIs that enable people to share photos and other social updates between Instagram, Foursquare, Facebook, and Twitter
  • 4. APIs are good for business • APIs drove $2 billion in business for Expedia by securely exposing valuable content to its affiliate network. • Companies across all industries are rushing to create APIs that leverage their own core applications, data, and content. • http://www.zdnet.com/blog/identity/billions-of-api-calls-traversing-web-redefining-software/493a
  • 5. APIs empower an ecosystem of third-party developers • … who create new apps and revenue streams you might never have thought of.
  • 6. But there are hidden dangers to using APIs • APIs share many of the same threats that plague the web… but APIs have a unique risk profile that must be managed.
  • 7. It is a mistake to think we can secure APIs the same way we secure the web.
  • 8. APIs are like windows into an application • … windows that allow legitimate developers and hackers a direct view into the core functionality and data residing in the heart of the app.
  • 9. In the web world … • the website served as a barrier between the outside world and your inside systems. • People had to go through your web application to get what they needed, and they could only get what the website offered them.
  • 10. With APIs, that barrier doesn’t exist.
  • 11. Increased visibility isn’t the only risk from APIs • Increasing the number of potential calls also increases the attack surface, meaning that a hacker simply has more to exploit. • Risk increases with opportunity
  • 12. There are three major attack vectors to watch for: • Parameter attacks • Identity attacks • Man-in-the-middle attacks
  • 13. Parameter attacks exploit the data sent into an API • That is: URL, query parameters, HTTP headers, post content • SQL injections are among the most common parameter attacks, an old approach, but one that many systems are still vulnerable to.
  • 14. Identity attacks exploit flaws in authentication, authorization, and session tracking • These flaws are often the result of migrating bad practices from the web world into API development.
  • 15. Man-in-the-middle attacks involve an attacker sitting between the sender and receiver • APIs that are not properly configured using SSL/TLS are highly vulnerable to this form of attack.
  • 16. Five Simple Strategies to Secure your APIs • Although APIs are susceptible to a broad range of attacks, applying just five simple mitigation strategies will allow you to securely publish APIs. • Download the white paper “Five Simple Strategies to Secure your APIs” for the five steps you should take now.
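
The parameter attack from slide 13, shown as an added example that is not part of the original presentation: an API lookup that concatenates a query parameter into SQL, beside the same lookup with allow-list validation and a bound parameter. The orders table, the customer parameter, the function names and the sample values are all constructed for illustration.

```python
import re
import sqlite3

# Allow-list for the hypothetical `customer` query parameter.
CUSTOMER_RE = re.compile(r"[a-z0-9_]{1,32}")

# Constructed hostile value for the `customer` parameter.
HOSTILE = "x' OR '1'='1"


def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "laptop"), (2, "bob", "phone"), (3, "carol", "tablet")],
    )
    return db


def orders_vulnerable(db, customer):
    """Weak form: the parameter is concatenated into the SQL text."""
    sql = "SELECT id, item FROM orders WHERE customer = '" + customer + "' ORDER BY id"
    return db.execute(sql).fetchall()


def orders_bound(db, customer):
    """The parameter is bound, so it is only ever compared as a value."""
    sql = "SELECT id, item FROM orders WHERE customer = ? ORDER BY id"
    return db.execute(sql, (customer,)).fetchall()


def orders_hardened(db, customer):
    """Validate against the allow-list first, then use the bound query."""
    if not isinstance(customer, str) or not CUSTOMER_RE.fullmatch(customer):
        raise ValueError("invalid customer parameter")
    return orders_bound(db, customer)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", orders_vulnerable(db, HOSTILE))
    print("bound:     ", orders_bound(db, HOSTILE))
    try:
        orders_hardened(db, HOSTILE)
    except ValueError as exc:
        print("hardened:  ", exc)
```

The same two controls apply to every input slide 13 lists (URL, query parameters, HTTP headers, post content), since each one reaches the API as caller-controlled data.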