Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
News, news analysis, and commentary on the latest trends in cybersecurity technology.
Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.
2 Min Read
APIs — application programming interfaces — are critical to the modern Internet, as they facilitate communications between applications such as data transfers. As developers increasingly rely on APIs to deliver new features across web, mobile, and cloud-native applications, threat actors are also taking advantage of their prevalence to breach organizations and extract data.
Enterprise security teams have the difficult task of managing and protecting these service-based application architectures. Security teams need to know when new APIs are added or existing APIs are modified, as well as what kind of client data is being exposed at every layer of the application stack.
“Gartner predicts that by 2022, application programming interface (API) attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications,” the research firm said in a recent webinar.
The API Attack Surface Calculator is a free self-assessment tool designed to help organizations measure their attack surface, according to Data Theorem, the company behind the service. The calculator asks seven questions and performs a first-level security analysis based on the supplied answers in less than five minutes.
Questions include asking if the organization has APIs for public web and mobile applications, what kind of APIs are in use (REST, GraphQL, etc), which public clouds and cloud services the organization uses, which web application framework the developers rely on, and which regulatory and compliance standards apply to the organization. Data Theorem’s Analyzer Engine takes the answers and generates ratings around potential API exposures across the multiple applications layers: client, data transport, and cloud.
The calculator doesn’t help with API discovery, but it gives security teams a starting point for understanding how their APIs contribute to the organization’s attack surface. A thorough understanding of the type of APIs in use would help security leaders build a modern API security program, Data Theorem says.
Read more here.
About the Author(s)
You May Also Like
More Insights
Webinars
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024