Thank you Christopher, I am closely familiar with the links above.
As to the response from the experts - I think it is aimed to answer Q1. Is the way to interpret it - "API projects have
zero benefit from being placed behind Imperva Cloud WAF w/o API Security enabled? In fact, there could harm/interference via Imperva's Bot Protection"?
And what about Q2: Gartner MQ 2020 states - "Imperva offers comprehensive API security, including DDoS protections and the ability to parse JSON and XML, websockets, webhooks, GraphQL, gRPC and server-side events (SSE)" - Do these require "API Security" enabled? And is there a reference doc which describes this functionality and all the supported protocols?
------------------------------
Max
------------------------------
Original Message:
Sent: 11-05-2020 11:15
From: Christopher Detzel
Subject: API Security Questions
@Max X
Here is another answer I received from one of our experts: "An API is an automated process that looks and smells like a BOT - in most cases it must be whitelisted w/o API protection."
------------------------------
Christopher Detzel
Community Manager
Imperva
Original Message:
Sent: 11-05-2020 09:35
From: Max X
Subject: API Security Questions
Hi, a few questions about API Security:
1. What kind of API protection do we get by default without API Security module enabled?
2. Gartner MQ 2020 states: "Imperva offers comprehensive API security, including DDoS protections and the ability to parse JSON and XML, websockets, webhooks, GraphQL, gRPC and server-side events (SSE)" - Do these require "API Security" enabled? And is there a reference doc which describes this functionality and all the supported protocols?
Thank you
#APISecurity
#CloudWAF(formerlyIncapsula)
------------------------------
Max
------------------------------