Malicious assaults and denial-of-service attacks are increasingly targeting enterprise applications as back-end systems become more accessible and usable through cloud, mobile and on-premise environments. The API is a major point of vulnerability, given its ability to offer programmatic access to external parties with few organically available controls. Security, therefore, is an essential element of any organization's API strategy. While API security shares many aspects with both web site security and network security, it is also fundamentally different, both in its usage patterns and in the unique areas of additional risk that APIs are susceptible to. For instance, APIs move the boundary of interaction from the web tier directly to the backend applications and data sources. The purpose of this paper is to help you understand the necessary components of a well-constructed API security strategy. First, it takes you through API risk assessment, discussing the various attack vectors that could potentially make your API vulnerable. Then the paper talks about risk mitigation strategies that API providers can put in place to prevent API hacks.