DevOps

Do APIs put businesses at risk?

September 20, 2021
Experian had a high-profile API breach earlier this year, but there were many others, and that’s why today’s columnist, Lebin Cheng of Imperva, says security teams must make API security a top priority in the year ahead. Credit: Experian Images
  • Prioritize visibility. Identify all APIs within the enterprise and have visibility into the traffic accessing those APIs.
  • Apply automation and machine learning to assess API behaviors. Do this preferably early in the development and testing stage. Evaluate against risk-based policies, and determine appropriate actions for mitigating the threats -- particularly data exchange patterns so that runtime protection can be enabled based on an always up-to-date baseline of behavior.
  • Establish a feedback loop. Develop communications between DevOps and SecOps that helps developers address vulnerabilities efficiently through enhancing API design and security testing.
prestitial ad