APIs have become the crown jewels of organizations’ digital transformation initiatives, empowering employees, partners, customers, and other stakeholders to access applications, data, and business functionality across their digital ecosystem. So, it’s no wonder that hackers have increased their waves of attacks against these critical enterprise assets.
Unfortunately, it looks like the problem will only worsen. that, “By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.”
Many enterprises have responded by implementing API management solutions that provide mechanisms, such as authentication, authorization, and throttling. These are must-have capabilities for controlling who accesses APIs across the API ecosystem—and how often. However, in building their internal and external API strategies, organizations also need to address the growth of more sophisticated attacks on APIs by implementing dynamic, artificial intelligence (AI) driven security.
This article examines API management and security tools that organizations should incorporate to ensure security, integrity, and availability across their API ecosystems.
Rule-based and policy-based security measures
Rule-based and policy-based security checks, which can be performed in a static or dynamic manner, are mandatory parts of any API management solution. API gateways serve as the main entry point for API access and therefore typically handle policy enforcement by inspecting incoming requests against policies and rules related to security, rate limits, throttling, etc. Let’s look closer at some static and dynamic security checks to see the additional value they bring.
Static security checks
Static security checks do not depend on the request volume or any previous request data, since they usually validate message data against a predefined set of rules or policies. Different static security scans are performed in gateways to block SQL injection, coercive parsing attacks, entity expansion attacks, and schema poisoning, among others.
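The following added example is not from the article or from any API gateway product. It shows a static check of an XML request body whose verdict depends only on the single message and a fixed rule set, covering entity expansion, coercive parsing, and schema poisoning; the limits, rule names, and trusted schema prefix are constructed assumptions.

```python
import xml.parsers.expat

# Constructed policy values (assumptions for this example, not from any product).
MAX_BYTES, MAX_DEPTH, MAX_ATTRS = 64 * 1024, 20, 16
TRUSTED_SCHEMA_PREFIXES = ("https://schemas.example.internal/",)
XSI = "http://www.w3.org/2001/XMLSchema-instance "  # expat joins namespace and name with a space


class Rejected(Exception):
    """Carries the name of the static rule the payload violated."""


def check_xml_payload(body: bytes) -> str:
    """Return 'ok' or the first violated rule. Stateless: only this message is examined."""
    if len(body) > MAX_BYTES:
        return "oversized-payload"
    depth = 0

    def on_doctype(*_args):
        # Refusing every DTD removes entity definitions, and with them entity expansion.
        raise Rejected("dtd-not-allowed")

    def on_start(_name, attrs):
        nonlocal depth
        depth += 1
        if depth > MAX_DEPTH or len(attrs) > MAX_ATTRS:
            raise Rejected("coercive-parsing-limits")
        # Schema poisoning: the message may only point at schemas we host ourselves.
        pairs = attrs.get(XSI + "schemaLocation", "").split()[1::2]
        single = attrs.get(XSI + "noNamespaceSchemaLocation", "").split()
        for location in pairs + single:
            if not location.startswith(TRUSTED_SCHEMA_PREFIXES):
                raise Rejected("untrusted-schema-location")

    def on_end(_name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(body, True)
    except Rejected as rule:
        return str(rule)
    except xml.parsers.expat.ExpatError:
        return "malformed-xml"
    return "ok"
```

Because the parser is event-driven, a message is rejected at the first violating element rather than after the whole document tree has been built in memory.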
, where he leads the development of the WSO2 API Manager. Lakshitha Gunasekara is a software engineer on the WSO2 API Manager team.
New Tech Forum provides a venue to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to .