Commissioned by Ping Identity
APIs are fascinating. No, really! And one does not have to be a developer or an IT expert to appreciate the impressive transformation they have gone t ...
This massive and ever-increasing growth clearly indicates that APIs are no longer just “an IT thing” – they have a very tangible impact on nearl ...
- In the last decade, APIs have evolved from a purely technical, developer-centric concept towards becoming a massive enabler for new business models, ...
3 The Dark Side of the API Economy
Unfortunately, relying on lightweight and largely ad hoc REST protocols to publish or consume APIs as quickly and easily as possible means that securi ...
3.1 Instagram Exposed Celebrities' Contact Details
In August 2017, the popular social media platform Instagram (owned by Facebook) revealed that an unknown hacker obtained unlawful access to a number o ...
3.2 T-Mobile Leaked Sensitive Data of 2.3 Million Customers
In August of 2018, T-Mobile, an American mobile communications provider and a subsidiary of Germany’s Deutsche Telekom, was hit by a large-scale dat ...
3.3 Access Token Vulnerability Allowed Facebook Profile Takeover
In late September 2018, Facebook announced that over 50 million user accounts were affected by a security glitch that potentially allowed attackers to ...
3.4 US Postal Service Exposed Data of Over 60 Million Users
In November 2018, an independent security researcher publicly revealed a massive security vulnerability on the USPS website, which he initially discov ...
4 What Went Wrong?
As the examples from the previous chapter demonstrate, even the largest enterprises, with massive IT budgets and large teams of security experts, stil ...
4.1 The Human Factor
Perhaps the biggest challenge to API security (or any other field of information security indeed) is the inertia of human thinking. Even though APIs h ...
4.2 Common API Myths
Myth #1: APIs Are a Technology Concept, Unrelated to the Business
Perhaps the biggest myth about APIs is that they are still just a purely technologic ...
API security should be seen as a continuous process that covers every stage of the API lifecycle - from its conceptual design (even before any code ...
4.3 The Role of Identity
Another critical aspect that sometimes gets overlooked is the role of identity in APIs and its massive influence on their security. Even though the ea ...
4.4 The Scope of API security
Summarizing various points mentioned earlier, there can be only one sensible conclusion: API security is by no means easy, on the contrary – it is m ...
Unfortunately, many companies tend to stop a bit early in this process – after recognizing correctly that they have multiple such security tools alr ...
4.5 Artificial Intelligence to the Rescue
Artificial Intelligence and machine learning (AI/ML) are perhaps the hottest buzzwords nowadays in nearly every industry, and this is especially relev ...
Let’s summarize the key takeaways of this paper. What things do you need to consider before tackling the multidisciplinary field of API security to ...
5.1 Education is Key
Contrary to what some people still believe, APIs have already become a crucial factor of your business’s operational efficiency, scalability, and pr ...
5.2 Designing an API Strategy
The crucial difference between a well-designed comprehensive multi-layered API security infrastructure and just having a collection of security tools ...
5.3 Know What You're Protecting
The first step in any API strategy is knowing the full extent of the assets that need protection. Discovery of all APIs within the corporate IT infras ...
5.4 API Zero Trust
Identity is perhaps the most crucial context factor that defines the efficiency of modern cybersecurity solutions in any market segment. In a modern, ...
5.5 Automating API Security
Finally, one should consider the tremendous efforts security experts must go through to analyze a security incident based on numerous indicators of co ...