Imperva Cyber Community


Know Your Grey-Matter API: Best Practices to Secure Unmanaged APIs Webinar Recording

By Seana Murray posted 10-17-2025 10:46


Hi Community,

In this insightful session, Levin Cheng and Luke Barbarinde delve into the critical aspects of API security, shedding light on the growing challenges organizations face in managing both known and unknown APIs. Through real-world examples and expert analysis, they explore what truly defines an API and why that matters in the context of security. This webinar will help you gain a deeper understanding of the threats targeting APIs and learn practical strategies to mitigate them through a multi-layered security approach.

Snapshot of what's included:

  • Defining what an API is and why clarity matters for security

  • Common API vulnerabilities and real-world breach examples

  • The risks of shadow APIs and poor API inventory practices

  • Advanced protective measures and tools for API defense

  • Risk management strategies tailored for API environments


Does eWAF have advanced API security features? The same as on Imperva Cloud WAF?

Integration with eWAF is in development. We are in the final testing phase.

We have recently bought the API Sec module, and we have already done a discovery of unauthenticated and BOLA APIs; a lot of them were false positives for us. How can we declare them as false positives? It seems that it's a feature not available.

When it comes to risk, it sometimes errs on the side of alerting the users about risk. We would introduce more features in the future for one to acknowledge or disable a particular risk. Thanks for validating that request. In addition, we also have customers who have defined a policy to mitigate a risk and who also need to then change the risk status to “mitigated”.

In the Imperva cloud console, I'm keen to know why the API that has been labelled with a vulnerability does not let you see other vulnerabilities from the OWASP Top 10. It just shows you the site is vulnerable without proper detail of whether it's BOPLA, BOLA, Mass Assignment or Misconfiguration.

Due to data privacy policy, we do not preserve “evidence” today. We are looking for ways to add evidence in the near future. We need to implement it carefully with proper cryptographic protection in place.

As always if you have any questions please drop them below!


#APISecurity
