Sig Sci DataSheet API Protection0619
Application Programming Interfaces (APIs) enable organizations to share data with authorized software developers who leverage that valuable data in their own applications. As a component of modern business innovation and software development, APIs enable applications to exchange data and, in effect, "talk to" one another. But the risk of exposing valuable data via APIs is real: Gartner estimates that by 2022, API abuses will be the most frequent attack vector for enterprise web application data breaches. Clearly, API security must be part of any strategic security plan.
Signal Sciences is the only web application security solution that defends against a wide variety of threats at the API layer, including the following major API security categories:
API SECURITY CATEGORY: ATTACK SCENARIOS PROTECTED AGAINST:

Unique Identifier Enumeration: Brute forcing sensitive IDs or tokens in APIs that are not searchable or public, leading to discovery and exposure of sensitive customer data, unpublished media, payment information, PII, and other confidential data.

Sensitive API Abuse: Targeting sensitive APIs such as gift card and credit card validation in order to validate stolen credit cards, commit ecommerce gift card fraud, or obtain patient healthcare records.

Malicious bots: Malicious automation and bots used to perform content scraping, tie up system resources, brute force accounts, and carry out other actions.

Partner misuse: workflow, partners can easily and accidentally overwhelm API endpoints and create resource exhaustion or excessive costs through unintended spikes in API requests.

Malicious or disallowed traffic sources: Bad actors using Tor attempt to access APIs from countries or geographies where services aren't legitimately provided, or attempt to perform transactions from OFAC countries that are blocked for regulatory compliance.

Policy Enforcement: APIs being used from an untrusted device that does not present the right cookie or device identifier.

OWASP Injection Issues / Virtual Patching: APIs using unpatched or outdated third-party frameworks or libraries, and injection issues such as command execution, XSS, SQL injection, and others.

Rate limiting: Malicious attack tooling that performs a high velocity of requests, leading to stolen content or resource exhaustion.

Denial of Service: Targeting high system cost APIs such as database queries, search pagination, data exports, etc.
Signal Sciences prevents the above API layer attacks with our patented architecture that provides organizations working in a modern development environment with comprehensive and scalable threat protection and security visibility.

No matter how you deploy your APIs, Signal Sciences can protect them.

Signal Sciences runs natively in any cloud, data center, or container, with a variety of deployment options at the code, web server or API layer. Learn how our patented approach can help secure your web layer assets at signalsciences.com.
"Getting Signal Sciences up and running is quick and easy. It was literally a five-minute process: with just a few Signal Sciences rules changes specific to our authentication flows, we were able to effectively block account takeover attempts in production."

Robert Davis, Director of Cybersecurity
SIGNALSCIENCES.COM | DATASHEET