@Axway @SmartBear #APISecurity

Test & Protect Your API
Practical Tips to Achieve API Security Nirvana with Axway & Ready! API
The API Lifecycle – SmartBear approach
• Open source based and driven
• Integrated tools for Dev/Test across API lifecycle
• Extendable and easily integrated into API lifecycle workflow
• Data driven and automated
• Protocol and runtime independent
• Leverage and reuse assets across lifecycle
• Democratize advanced dev/test capabilities
About Axway
• Axway technology manages interactions between applications, people and communities.
• Security and integration across B2B (EDI, MFT, and APIs)
• Positioned as a leader in Gartner Magic Quadrants for “On-Premises Application Integration Suites” and for “Application Services Governance”
Webinar Attendee Statistics

How important is API Security to your organization?
• Not important at all: 3%
• Growing importance: 41%
• Very important: 56%

How much API Security testing do you do today?
• None: 23%
• Some: 65%
• Extensive: 12%

56% of attendees for this webinar responded that API security is “very important,” and yet only 12% are doing extensive security testing.
APIs – A soft underbelly for security?
• Security vulnerabilities related to APIs
• Enabling account information exposure (Snapchat)
IRS Data Breach – Insecure API Access
And more security vulnerabilities…
Mobile App vulnerabilities are often API vulnerabilities in disguise…
• Insecure APIs are often the source of mobile app security issues
• Sniffers can detect insecure API calls
Source: http://www.troyhunt.com/2014/10/find-crazy-stuff-in-mobile-app.html
Beware Weak API Key Authentication
• Problem:
  • API Keys are often simply passed in URLs
    • &APIKey=123456
  • Vulnerable to sniffing and replay attacks
• Amazon uses two keys:
  • Secret Key ID to perform HMAC signing
    • With detection of replay attacks
  • Access Key ID to identify the client
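The two-key scheme the slide describes, written out as an added example (not Axway's, SmartBear's or Amazon's code): the client identifies itself with an access key ID and signs the request with a secret that never appears in the URL, while the server checks the timestamp window and a nonce cache so a sniffed request cannot simply be replayed. The credential store, header names and 300-second window are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample credential store: access key ID -> secret key.
# The access key ID identifies the client; the secret key never travels in the request.
CREDENTIALS = {"AKIDEXAMPLE": b"constructed-secret-key-do-not-reuse"}

REPLAY_WINDOW_SECONDS = 300  # assumed: reject requests whose timestamp is older than this


def canonical_string(method, path, query, timestamp, nonce):
    """The exact string both sides sign; changing any part of the request changes it."""
    return "\n".join([method.upper(), path, query, str(timestamp), nonce])


def sign_request(access_key_id, secret_key, method, path, query, timestamp=None, nonce=None):
    """Client side: produce the headers sent with the request (assumed header names)."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = secrets.token_hex(16) if nonce is None else nonce
    digest = hmac.new(
        secret_key, canonical_string(method, path, query, timestamp, nonce).encode(), hashlib.sha256
    ).hexdigest()
    return {
        "X-Access-Key-Id": access_key_id,
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": digest,
    }


class Verifier:
    """Server side: recompute the HMAC and detect replays via timestamp window + nonce cache."""

    def __init__(self, credentials, window=REPLAY_WINDOW_SECONDS):
        self.credentials = credentials
        self.window = window
        self.seen_nonces = {}  # nonce -> timestamp of first use

    def verify(self, method, path, query, headers, now=None):
        """Returns (accepted, reason). Cheap checks run before the HMAC computation."""
        now = int(time.time()) if now is None else now
        secret = self.credentials.get(headers.get("X-Access-Key-Id"))
        if secret is None:
            return False, "unknown access key id"
        try:
            ts = int(headers["X-Timestamp"])
        except (KeyError, ValueError):
            return False, "bad timestamp"
        if abs(now - ts) > self.window:
            return False, "timestamp outside window"
        nonce = headers.get("X-Nonce", "")
        if not nonce or nonce in self.seen_nonces:
            return False, "replayed or missing nonce"
        expected = hmac.new(
            secret, canonical_string(method, path, query, ts, nonce).encode(), hashlib.sha256
        ).hexdigest()
        # Constant-time comparison so timing does not leak how much of the signature matched.
        if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
            return False, "bad signature"
        # Remember the nonce, then drop entries older than the window so the cache stays bounded.
        self.seen_nonces[nonce] = ts
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= self.window}
        return True, "ok"
```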
The solution – API Management
• Configure API Keys
• Configure OAuth
Quota Management for APIs
• Managing usage quotas for APIs to prevent misuse or DoS
• Configure Quotas
The Role of the API Gateway
API Gateway – Security and more
• Protective Security
  • Content-Level Threats (XDoS, XXE, etc.)
  • WAF functionality (OWASP Top Ten, etc.)
  • Throttling
• Policy Decision and Enforcement Point
  • STS – Security Token Creation, Consumption, Mediation
  • Dynamic Authorization
  • Data Flow Introspection and Governance
• Integration (lightweight ESB)
  • Heterogeneous, Vendor Agnostic
  • Multiple Protocol and Standard Support
• Enterprise Architecture Intelligence and Protection
  • SSO Enablement
  • Architecture-wide auditing and risk analysis
Security provided by API Gateways
API Gateway protects against threats to Web Services / APIs including:
• Unauthorised Access
• Parameter Manipulation and Data Harvesting
• Network eavesdropping
• Disclosure of sensitive customer data
• Message replay

[Diagram: threats from the Consumer side (Unauthorised Access, Parameter Manipulation, Virus Insertion, Network Eavesdropping, Message Replay, Disclosure of customer data) pass through the network Firewall to the API. Standard network firewalls offer no protection against these threats.]
API Gateways in API Management

[Diagram: Client Applications call the REST API (SOAP/XML/REST/JSON) through the API Gateway (Policy Enforcement), which fronts Services, Applications and Data over REST, SOAP Web Services, POX, JMS and FTP, integrating with non-REST API services. The API Manager provides API Registration & Lifecycle, API Catalog, and Partner & Policy Administration. The API Portal provides self-service API consumption, builds the developer community and opens a new channel to market the brand.]

Roles:
• Application Developers: self-register to resources; browse and learn APIs; manage application credentials
• API Developers / API Administrators: register and manage API lifecycle; perform partner, policy and process admin; monitor and report API use
• Policy Developers: create and extend policies; integrate with applications and infrastructure
API Security testing: Why is it so important?
• API breaches can result in:
  • Stolen data
  • Server attacks
  • Spoofing
  • IoT device tampering
Thinking like a hacker
• We want to know as much as possible about an API’s endpoints, messages, parameters, behavior
• The more we know about the API’s surface – the better we can target our attack!
Looking for vulnerabilities in your API
• OWASP.ORG
• Identify the most likely “soft spots”
• Run all the scans but automate & repeat the most important ones
• Don’t neglect payload analysis
• Pay attention and respond quickly
Show Me How to Protect My API
Demo – Scenario
Bank Account API with
– One method for users to get the balance of one of their accounts
– Vulnerable to SQL Injection
User authentication out of scope
– Focus on the SQL Injection attack
Demo – Detecting API Threats
API vulnerable to SQL injections (definition imported prior to demo)

1. Normal request
GET http://<host>/account/balance?accnt=123456789 HTTP/1.1
  → SELECT balance FROM accountinfo WHERE account=123456789;
  → Returns the balance from account 123456789

2. Scanning
GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1
  → SELECT balance FROM accountinfo WHERE account=1 OR 1=1;
  → Returns the balance from all accounts!
Demo – Protecting Against API Threats
Threat Protection: API Manager and API Gateway placed in front of the protected API (still vulnerable to SQL injections)

1. Normal request
GET http://<host>/account/balance?accnt=123456789 HTTP/1.1
  → SELECT balance FROM accountinfo WHERE account=123456789;
  → Returns the balance from account 123456789

2. Scanning
GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1
  → Detected and Blocked by Axway API Gateway!
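The two demo requests reproduced as an added example (not the webinar's code or Axway's gateway) against a constructed in-memory SQLite table: the concatenating handler returns every balance for the `1 OR 1=1` input, a parameterized handler returns nothing for it, and a gateway-style allow-list on the `accnt` parameter rejects the request before it reaches the database. The `accountinfo` table and `accnt` parameter come from the slides; the sample rows, the digits-only rule and the response shape are assumptions.

```python
import re
import sqlite3

# Assumed gateway rule: an account number is 1 to 12 decimal digits, nothing else.
ACCOUNT_RE = re.compile(r"\d{1,12}")


def make_db():
    """Constructed sample data standing in for the demo's accountinfo table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accountinfo (account INTEGER PRIMARY KEY, balance REAL)")
    conn.executemany(
        "INSERT INTO accountinfo VALUES (?, ?)",
        [(123456789, 1500.25), (987654321, 42.00), (555, 9.99)],
    )
    return conn


def balance_vulnerable(conn, accnt):
    """The demo's vulnerable handler: the query-string value is concatenated into SQL,
    so 'accnt=1 OR 1=1' changes the WHERE clause and matches every row."""
    sql = f"SELECT balance FROM accountinfo WHERE account={accnt};"
    return [row[0] for row in conn.execute(sql)]


def balance_parameterized(conn, accnt):
    """Hardened handler: the value is bound as a parameter, so it is compared as data
    and can never alter the shape of the query."""
    rows = conn.execute("SELECT balance FROM accountinfo WHERE account=?", (accnt,))
    return [row[0] for row in rows]


def gateway_filter(accnt):
    """Input validation the gateway applies before forwarding: allow-list, not block-list."""
    return ACCOUNT_RE.fullmatch(accnt) is not None


def handle_request(conn, accnt):
    """Gateway in front of the API: block malformed input, otherwise serve via the safe query."""
    if not gateway_filter(accnt):
        return {"status": 400, "body": "Detected and Blocked"}
    return {"status": 200, "body": balance_parameterized(conn, int(accnt))}
```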
Key Takeaways – Create APIs with Confidence

API Protection
• Put protection in place for your APIs
• Apply throttling, input validation, threat detection
• Block the full spectrum of attacks

API Testing
• OWASP.org is your friend
• Focus on most likely vulnerabilities first
• Build security testing into your dev plans
Try For Free

Weitere ähnliche Inhalte

Was ist angesagt?

Architecting Mobile Solutions Using Microsoft Azure and Akana
Architecting Mobile Solutions Using Microsoft Azure and AkanaArchitecting Mobile Solutions Using Microsoft Azure and Akana
Architecting Mobile Solutions Using Microsoft Azure and Akana
Akana
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle API
Akana
 

Was ist angesagt? (20)

Build an api eco-system you can be proud of
Build an api eco-system you can be proud ofBuild an api eco-system you can be proud of
Build an api eco-system you can be proud of
 
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
APIdays Paris 2018 - The State of the API Industry Paolo Malinverno, VP Resea...
 
Open api in enterprise
Open api in enterpriseOpen api in enterprise
Open api in enterprise
 
Architecting Mobile Solutions Using Microsoft Azure and Akana
Architecting Mobile Solutions Using Microsoft Azure and AkanaArchitecting Mobile Solutions Using Microsoft Azure and Akana
Architecting Mobile Solutions Using Microsoft Azure and Akana
 
APIs for... Your Mom
APIs for... Your MomAPIs for... Your Mom
APIs for... Your Mom
 
Kondo-ing API Authorization
Kondo-ing API AuthorizationKondo-ing API Authorization
Kondo-ing API Authorization
 
API Management
API ManagementAPI Management
API Management
 
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
 
How Apigee Api Management Platform Helps with Digital Excellence
How Apigee Api Management Platform Helps with Digital ExcellenceHow Apigee Api Management Platform Helps with Digital Excellence
How Apigee Api Management Platform Helps with Digital Excellence
 
Managing Sensitive Information in an API and Microservices World
Managing Sensitive Information in an API and Microservices WorldManaging Sensitive Information in an API and Microservices World
Managing Sensitive Information in an API and Microservices World
 
Melbourne API Management Seminar
Melbourne API Management SeminarMelbourne API Management Seminar
Melbourne API Management Seminar
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle API
 
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays LIVE Jakarta - E5 ways to make your integration more resilient  by Je...apidays LIVE Jakarta - E5 ways to make your integration more resilient  by Je...
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
 
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...
apidays LIVE JAKARTA - The modern digital with API Economy Ecosystems by Hari...
 
Adapt or Die Sydney - API Security
Adapt or Die Sydney - API SecurityAdapt or Die Sydney - API Security
Adapt or Die Sydney - API Security
 
Mining API Traffic Metadata
Mining API Traffic MetadataMining API Traffic Metadata
Mining API Traffic Metadata
 
The Digital Retailer: Finding and Engaging Your Customers
The Digital Retailer: Finding and Engaging Your CustomersThe Digital Retailer: Finding and Engaging Your Customers
The Digital Retailer: Finding and Engaging Your Customers
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital Transformation
 
Webcast: AWS Sticker Shock? How can containers and automation help?
Webcast: AWS Sticker Shock?  How can containers and automation help?Webcast: AWS Sticker Shock?  How can containers and automation help?
Webcast: AWS Sticker Shock? How can containers and automation help?
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
 

Andere mochten auch

API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentation
sflynn073
 

Andere mochten auch (10)

Take Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice ArchitectureTake Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice Architecture
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated development
 
How to use Donuts and Onions for Scaling API Programs
How to use Donuts and Onions for Scaling API ProgramsHow to use Donuts and Onions for Scaling API Programs
How to use Donuts and Onions for Scaling API Programs
 
APIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside OutAPIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside Out
 
Oracle api gateway overview
Oracle api gateway overviewOracle api gateway overview
Oracle api gateway overview
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentation
 
Integrating, exposing and managing distributed data with RESTful APIs and op...
Integrating, exposing and managing distributed data with RESTful APIs and op...Integrating, exposing and managing distributed data with RESTful APIs and op...
Integrating, exposing and managing distributed data with RESTful APIs and op...
 
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...
 
The API-Application Semantic Gap
The API-Application Semantic GapThe API-Application Semantic Gap
The API-Application Semantic Gap
 
The Fundamentals of Platform Strategy: Creating Genuine Value with APIs
The Fundamentals of Platform Strategy: Creating Genuine Value with APIsThe Fundamentals of Platform Strategy: Creating Genuine Value with APIs
The Fundamentals of Platform Strategy: Creating Genuine Value with APIs
 

Ähnlich wie Test and Protect Your API

Ähnlich wie Test and Protect Your API (20)

apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accentureapidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
 
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
 
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
 
5 step plan to securing your APIs
5 step plan to securing your APIs5 step plan to securing your APIs
5 step plan to securing your APIs
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
 
Safeguarding RESTful API in SaaS Product Development
Safeguarding RESTful API in SaaS Product DevelopmentSafeguarding RESTful API in SaaS Product Development
Safeguarding RESTful API in SaaS Product Development
 
Outpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api security
 
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
2022 APIsecure_From Shift Left to Full Circle - A Pragmatic Approach to Catch...
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
 
Deep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital AgeDeep-Dive: API Security in the Digital Age
Deep-Dive: API Security in the Digital Age
 
APIdays London 2019 - API Security Tips for Developers with Isabelle Mauny, 4...
APIdays London 2019 - API Security Tips for Developers with Isabelle Mauny, 4...APIdays London 2019 - API Security Tips for Developers with Isabelle Mauny, 4...
APIdays London 2019 - API Security Tips for Developers with Isabelle Mauny, 4...
 
42Crunch Security Audit for WSO2 API Manager 3.1
42Crunch Security Audit for WSO2 API Manager 3.142Crunch Security Audit for WSO2 API Manager 3.1
42Crunch Security Audit for WSO2 API Manager 3.1
 
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
 
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
APIdays Paris 2019 - API Security Tips for Developers by Isabelle Mauny, 42Cr...
 
5 pillars of API Management
5 pillars of API Management5 pillars of API Management
5 pillars of API Management
 
What Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API SecurityWhat Hackers Don’t Want You To Know: How to Maximize Your API Security
What Hackers Don’t Want You To Know: How to Maximize Your API Security
 
API, Integration, and SOA Convergence
API, Integration, and SOA ConvergenceAPI, Integration, and SOA Convergence
API, Integration, and SOA Convergence
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC security
 
Data-driven API Security
Data-driven API SecurityData-driven API Security
Data-driven API Security
 
5 Pillars of API Management
5 Pillars of API Management5 Pillars of API Management
5 Pillars of API Management
 

Mehr von SmartBear

Mehr von SmartBear (20)

Enforcing Your Organization's API Design Standards with SwaggerHub
Enforcing Your Organization's API Design Standards with SwaggerHubEnforcing Your Organization's API Design Standards with SwaggerHub
Enforcing Your Organization's API Design Standards with SwaggerHub
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1
 
IATA Open Air: How API Standardization Enables Innovation in the Airline Indu...
IATA Open Air: How API Standardization Enables Innovation in the Airline Indu...IATA Open Air: How API Standardization Enables Innovation in the Airline Indu...
IATA Open Air: How API Standardization Enables Innovation in the Airline Indu...
 
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
The State of API 2020 Webinar – Exploring Trends, Tools & Takeaways to Drive ...
 
How LISI Automotive Accelerated Application Delivery with SwaggerHub
How LISI Automotive Accelerated Application Delivery with SwaggerHubHow LISI Automotive Accelerated Application Delivery with SwaggerHub
How LISI Automotive Accelerated Application Delivery with SwaggerHub
 
Standardising APIs: Powering the Platform Economy in Financial Services
Standardising APIs: Powering the Platform Economy in Financial ServicesStandardising APIs: Powering the Platform Economy in Financial Services
Standardising APIs: Powering the Platform Economy in Financial Services
 
Getting Started with API Standardization in SwaggerHub
Getting Started with API Standardization in SwaggerHubGetting Started with API Standardization in SwaggerHub
Getting Started with API Standardization in SwaggerHub
 
Adopting a Design-First Approach to API Development with SwaggerHub
Adopting a Design-First Approach to API Development with SwaggerHubAdopting a Design-First Approach to API Development with SwaggerHub
Adopting a Design-First Approach to API Development with SwaggerHub
 
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
 
Effective API Lifecycle Management
Effective API Lifecycle Management Effective API Lifecycle Management
Effective API Lifecycle Management
 
The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...
The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...
The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...
 
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
The API Lifecycle Series: Evolving API Development and Testing from Open Sour...
 
Artificial intelligence for faster and smarter software testing - Galway Mee...
Artificial intelligence for faster and smarter software testing  - Galway Mee...Artificial intelligence for faster and smarter software testing  - Galway Mee...
Artificial intelligence for faster and smarter software testing - Galway Mee...
 
Successfully Implementing BDD in an Agile World
Successfully Implementing BDD in an Agile WorldSuccessfully Implementing BDD in an Agile World
Successfully Implementing BDD in an Agile World
 
The Best Kept Secrets of Code Review | SmartBear Webinar
The Best Kept Secrets of Code Review | SmartBear WebinarThe Best Kept Secrets of Code Review | SmartBear Webinar
The Best Kept Secrets of Code Review | SmartBear Webinar
 
How Capital One Scaled API Design to Deliver New Products Faster
How Capital One Scaled API Design to Deliver New Products FasterHow Capital One Scaled API Design to Deliver New Products Faster
How Capital One Scaled API Design to Deliver New Products Faster
 
Testing Without a GUI Using TestComplete
 Testing Without a GUI Using TestComplete Testing Without a GUI Using TestComplete
Testing Without a GUI Using TestComplete
 
Hidden Treasure - TestComplete Script Extensions
Hidden Treasure - TestComplete Script ExtensionsHidden Treasure - TestComplete Script Extensions
Hidden Treasure - TestComplete Script Extensions
 
How Bdd Can Save Agile
 How Bdd Can Save Agile How Bdd Can Save Agile
How Bdd Can Save Agile
 
API Automation and TDD to Implement Master Data Survivorship Rules
API Automation and TDD to Implement Master Data Survivorship RulesAPI Automation and TDD to Implement Master Data Survivorship Rules
API Automation and TDD to Implement Master Data Survivorship Rules
 

Kürzlich hochgeladen

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 

Kürzlich hochgeladen (20)

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 

Test and Protect Your API

  • 1. @Axway @SmartBear #APISecurity Test & Protect Your API Practical Tips to Achieve API Security Nirvana with Axway & Ready! API 1
  • 2. @Axway @SmartBear #APISecurity The API Lifecycle – SmartBear approach SmartBear Confidential and  Open source based and driven  Integrated tools for Dev/Test across API lifecycle  Extendable and easily integrated into API lifecycle workflow  Data driven and automated  Protocol and runtime independent  Leverage and reuse assets across lifecycle  Democratize advanced dev/test capabilities
  • 3. @Axway @SmartBear #APISecurity  Axway technology manages interactions between applications, people and communities.  Security and integration across B2B (EDI, MFT, and APIs)  Positioned as a leader in Gartner Magic Quadrants for “On-Premises Application Integration Suites” and for “Application Services Governance” 3 About Axway
  • 4. @Axway @SmartBear #APISecurity Webinar Attendee Statistics 3% 41% 56% How important is API Security to your organization? Not important at all Growing importance Very important 23% 65% 12% How much API Security testing do you do today? None Some Extensive 56% of attendees for this webinar responded that API security is “very important,” and yet only 12% are doing extensive security testing
  • 5. @Axway @SmartBear #APISecurity  Security vulnerabilities related to APIs  Enabling account information exposure (Snapchat) 5 APIs – A soft underbelly for security?
  • 6. @Axway @SmartBear #APISecurity 6 IRS Data Breach Insecure API Access
  • 7. @Axway @SmartBear #APISecurity 7 And more security vulnerabilities…
  • 8. @Axway @SmartBear #APISecurity  Insecure APIs are often the source of mobile app security issues  Sniffers can detect insecure API calls 8 Mobile App vulnerabilities are often API vulnerabilities in disguise… Source: http://www.troyhunt.com/2014/10/find-crazy-stuff-in-mobile-app.html
  • 9. @Axway @SmartBear #APISecurity  Problem:  API Keys are often simply passed in URLs  &APIKey=123456  Vulnerable to sniffing and replay attacks  Amazon uses two keys:  Secret Key ID to perform HMAC signing  With detection of replay attacks  Access Key ID to identify the client 9 Beware Weak API Key Authentication
  • 10. @Axway @SmartBear #APISecurity 10 The solution – API Management Configure API Keys Configure OAuth
  • 11. @Axway @SmartBear #APISecurity  Managing usage quotas for APIs to prevent misuse of DoS 11 Quota Management for APIs Configure Quotas
  • 12. @Axway @SmartBear #APISecurity 12 The Role of the API Gateway
  • 13. @Axway @SmartBear #APISecurity  Protective Security  Content-Level Threats (XDoS, XXE, etc)  WAF functionality (OWASP Top Ten, etc)  Throttling  Policy Decision and Enforcement Point  STS- Security Token Creation, Consumption, Mediation  Dynamic Authorization  Data Flow Introspection and Governance  Integration (lightweight ESB)  Heterogeneous, Vendor Agnostic  Multiple Protocol and Standard Support  Enterprise Architecture Intelligence and Protection  SSO Enablement  Architecture wide auditing and risk analysis 13 API Gateway – Security and more
  • 14. Security provided by API Gateways
    - API Gateway protects against threats to Web Services / APIs including:
      - Unauthorised access
      - Parameter manipulation and data harvesting
      - Network eavesdropping
      - Disclosure of sensitive customer data
      - Message replay
    - (diagram: Consumer → Firewall → API, annotated with the threats Unauthorised Access, Parameter Manipulation, Virus Insertion, Network Eavesdropping, Message Replay and Disclosure of customer data) Standard network firewalls offer no protection against these threats
  • 15. API Gateways in API Management
    - (architecture diagram) Client Applications call REST APIs through the API Gateway (Policy Enforcement), which fronts Services, Applications and Data and integrates with non-REST API services (SOAP Web Services, POX, JMS, FTP; SOAP/XML/REST/JSON)
    - API Manager: API Registration & Lifecycle, API Catalog, Partner & Policy Administration
    - API Portal: Self-Service API consumption, Build developer community, New channel to market brand
    - Application Developers: Self-register to resources, Browse and learn APIs, Manage application credentials
    - API Developers / API Administrators: Register and manage API lifecycle, Perform partner, policy and process admin, Monitor and report API use
    - Policy Developers: Create and extend policies, Integrate with applications and infrastructure
  • 16. API Security testing: Why is it so important?
    - API breaches can result in:
      - Stolen data
      - Server attacks
      - Spoofing
      - IoT device tampering
  • 17. Thinking like a hacker
    - We want to know as much as possible about an API’s endpoints, messages, parameters, behavior
    - The more we know about the API’s surface – the better we can target our attack!
  • 18. Looking for vulnerabilities in your API
    - OWASP.ORG
    - Identify the most likely “soft spots”
    - Run all the scans but automate & repeat the most important ones
    - Don’t neglect payload analysis
    - Pay attention and respond quickly
  • 19. Show Me How to Protect My API
  • 20. Demo – Scenario
    - Bank Account API with one method for users to get the balance of one of their accounts; vulnerable to SQL Injection
    - User authentication out of scope; focus on the SQL Injection attack
  • 21. Demo – Detecting API Threats
    - API vulnerable to SQL injections; definition imported prior to demo
    1. Normal request: GET http://<host>/account/balance?accnt=123456789 HTTP/1.1 → SELECT balance FROM accountinfo WHERE account=123456789; → Returns the balance from account 123456789
    2. Scanning: GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1 → SELECT balance FROM accountinfo WHERE account=1 OR 1=1; → Returns the balance from all accounts!
  • 22. Demo – Protecting Against API Threats
    - (diagram: Threat Protection → API Gateway → Protected API, managed by API Manager)
    - API vulnerable to SQL injections
    1. Normal request: GET http://<host>/account/balance?accnt=123456789 HTTP/1.1 → SELECT balance FROM accountinfo WHERE account=123456789; → Returns the balance from account 123456789
    2. Scanning: GET http://<host>/account/balance?accnt=1 OR 1=1 HTTP/1.1 → Detected and Blocked by Axway API Gateway!
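The two requests from slides 21 and 22, replayed against a constructed in-memory table as an added example (not the demo's own code): the vulnerable handler pastes accnt into the SQL text exactly as the demo describes, so the second request returns every account's balance, while the protected path applies an allow-list check of the kind a gateway policy enforces and binds the value as a query parameter. The host name, table contents and account-number format are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db():
    """Constructed sample data standing in for the demo's accountinfo table (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accountinfo (account INTEGER PRIMARY KEY, balance REAL)")
    conn.executemany(
        "INSERT INTO accountinfo VALUES (?, ?)",
        [(123456789, 1500.00), (987654321, 42.50), (555000111, 9.99)],
    )
    return conn


def get_balance_vulnerable(conn, accnt):
    """The demo's flaw: the parameter is pasted into the SQL text, so accnt='1 OR 1=1'
    becomes 'WHERE account=1 OR 1=1' and every row comes back."""
    sql = f"SELECT balance FROM accountinfo WHERE account={accnt};"
    return [row[0] for row in conn.execute(sql)]


# Assumed account-number format for the demo: 1 to 12 ASCII digits and nothing else.
ACCNT_PATTERN = re.compile(r"[0-9]{1,12}")


def validate_accnt(accnt):
    """Allow-list check of the kind a gateway threat-protection policy applies before proxying."""
    return ACCNT_PATTERN.fullmatch(accnt) is not None


def get_balance_protected(conn, accnt):
    """Defence in depth: validate the input AND bind it as a parameter, never as SQL text."""
    if not validate_accnt(accnt):
        raise ValueError("accnt must be numeric")
    rows = conn.execute(
        "SELECT balance FROM accountinfo WHERE account=?;", (int(accnt),)
    ).fetchall()
    return [row[0] for row in rows]


def handle_request(conn, request_line, gateway_enabled=True):
    """Replay a request line through either path; returns a status code and body.

    The target is parsed as an HTTP client would send it, i.e. with spaces percent-encoded.
    """
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        return {"status": 405, "body": "method not allowed"}
    accnt = parse_qs(urlsplit(target).query).get("accnt", [""])[0]
    if gateway_enabled:
        if not validate_accnt(accnt):
            # Gateway blocks the request before the backend ever builds a query.
            return {"status": 400, "body": "blocked: accnt failed input validation"}
        return {"status": 200, "body": get_balance_protected(conn, accnt)}
    return {"status": 200, "body": get_balance_vulnerable(conn, accnt)}
```

Input validation at the gateway and parameter binding in the backend are independent controls: the gateway check keeps the payload from reaching the service at all, and the bound parameter means that even a value which slips past the pattern is compared as data rather than parsed as SQL.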
  • 23. Key Takeaways
    - API Protection
      - Put protection in place for your APIs
      - Apply throttling, input validation, threat detection
      - Block the full spectrum of attacks
    - API Testing
      - OWASP.org is your friend
      - Focus on most likely vulnerabilities first
      - Build security testing into your dev plans
    - Create APIs with Confidence
  • 24. Try For Free

Editor's Notes

  1. API Management capabilities
    - Self-service API consumption: developers can browse APIs and register applications; build a partner and developer community around the APIs; new channel to promote brand
    - API catalog: browseable registry of APIs
    - API lifecycle management: register, publish, version, deprecate
    - API administration: client administration & policy management; monitor & manage API usage
    - API policy enforcement: API proxy for enforcing common policies