In today’s organizations, Application Programming Interfaces (APIs) are integral to business operations. In fact, the typical organization manages over 300 APIs. This growing popularity correlates with the mass organizational adoption of a microservices architecture, which involves building applications from variably sourced components and using these components interchangeably across applications. It differs from the traditional application structure, which was more self-contained. Today, organizations rely heavily on application portfolios with open connectivity, data sharing, and integrations, which is exactly what APIs offer. They’re the modern tool that holds all of your applications together.
Yet, as APIs grow in popularity, they also become more of an attack surface. As a result, organizations are facing greater security threats. In the past two years, multiple breaches have stemmed from inadequate API security. We’ve seen incidents in large organizations, like T-Mobile and Instagram, where millions of users’ sensitive data were exposed due to poor API security protections. This year, we’ve already seen a number of high-profile breaches and security exposures that resulted from poorly defended APIs. The issue is so prevalent, in fact, that API vulnerabilities almost made it into the 2017 OWASP Top Ten list. These vulnerabilities are common, and they’re also difficult to detect. They can result in data theft, corruption, destruction, and unauthorized access to the whole application. Gartner even claims that, by 2022, API attacks will be the leading cause of data breaches in enterprise web applications.
Given this state of affairs, Security Compass is eager to announce our new Defending Web APIs course, to be released on September 6th, 2018. This new course will address relevant API security concerns and will teach developers how to protect their software and APIs.
A Brief Course Overview
Designed for junior developers with some experience using APIs, this course discusses defenses against common vulnerabilities in today’s RESTful Web Application Programming Interfaces (APIs). During the course, you’ll review the security of connecting to APIs, validating input and output, communication channels, and common attacks.
SD Elements Offers API Security
Using our policy-to-execution platform, SD Elements, you can operationalize security requirements for your APIs, protecting all of your applications. For instance, SD Elements allows you to perform authorization checks on RESTful web services, design secure RESTful web services, and prevent parameter tampering in web services.