Hi Phillip
API security compliments the Cloud WAF by adding a layer of protection to the API itself.
Our API solution:
- Leverages the SaaS infrastructure and the CDN and DDoS capabilities of Imperva Application Security suite, and uses the same management portal.
- Allows users to see security events per API endpoint and automatically creates and enforces a positive security model layer from the customer's Open API specification document (i.e. Swagger).
- Automatically disables Captcha cookie challenge and Javascript challenge on API traffic.
- Integrates with API management platforms through designated APIs and open source tools, making security an integral part of API lifecycle management.
You can read more in the Imperva API Security documentation
I also suggest you look at the following webinars to get an even better understanding
Introduction to Imperva API Security: Community Webinar
Securing API's Part 2 Mitigating Input Validation Vulnerabilities Community Webinar
Doron
------------------------------
Doron Tzur
Customer Success Manager
Tel Aviv CA
------------------------------
Original Message:
Sent: 03-29-2021 15:44
From: Phillip Mulloy
Subject: Benefits of API Security
Hi All,
Is there a benefit to implementing Imperva's positive API security method https://www.imperva.com/products/api-security/ vs just putting out APIs behind the WAF? What are the benefits of going this extra step?
Thanks,
#APISecurity
------------------------------
Phillip Mulloy
Sr. Network Engineer
Southfield MI
------------------------------