Why the need for API Security?
As the use of APIs continues to grow so too does the security risk, APIs expose a wider attack surface which can make it easier for cyber criminals to exploit. Gartner stated that "by 2022 API abuse will become the most frequent attack vector" it is more important than ever to have a positive security model which removes the burden of specification validation on developers.
How Imperva can help solve these issues and burden of API Security management:
Without Imperva API Security, every addition or change of an API by development needs to be updated across application security policies, this takes up a large amount of developers time which could be used elsewhere in the business.
With Imperva you can Protect all of your APIs that are in play and soon to be published. You can layer up your security posture by ensuring your web applications and APIs are protected specifically. By using Imperva's API Security you can have a single stack application security for websites and APIs.
So how do you implement the product?
A full document on Imperva API security is available but the key areas are detailed below with links to the specific areas of the document.
Prerequisites
Prior to setting up Imperva API Security you need to follow the steps detailed here.
How to Open API Security?
API Security can be accessed from the Imperva Management Console. Full steps can be found at the following link: Accessing Imperva API Security
API Security Dashboard
The API Security Dashboard provides an at-a-glance view of the sites and their APIs that are protected on your system. For each API you can view the Host (site) ID, the API description, Action that will be taken in case of an API Specification violation, and the last date the API was modified. You can then drill down for a more detailed look. In addition, you can add more APIs using a swagger file, edit existing APIs or delete them. A full description can be located at the following link: API Security Dashboard
View API Details
For each API, you are able to click and view its details. For a full list of details please view the following link: View API Details
API Security API
With Imperva you can manage your API Security using APIs, to view the General Structure, required format, or integrate easily using open source tools for a full technical explanation please see the following link: API Security API.
What does your API Security plan look like now or in the near future? Is there anything you can share with the community on your experiences with managing API Security?
#APISecurity#CloudWAF(formerlyIncapsula)------------------------------
Patrick McCrudden
Customer Success Manager
Imperva
------------------------------