SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

Similar documents
5 OAuth Essentials for API Access Control

Solutions Business Manager Web Application Security Assessment

Moving From Reactive to Proactive Storage Management with an On-demand Cloud Solution

Closing the Biggest Security Hole in Web Application Delivery

SOLUTION BRIEF NETWORK OPERATIONS AND ANALYTICS. How Can I Predict Network Behavior to Provide for an Exceptional Customer Experience?

The Top 6 WAF Essentials to Achieve Application Security Efficacy

TIBCO Cloud Integration Security Overview

OPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES

En partenariat avec CA Technologies. Genève, Hôtel Warwick,

Copyright

Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title

Applications Security

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

LiveEngage Messaging Platform: Security Overview Document Version: 2.0 July 2017

F5 Big-IP Application Security Manager v11

Security Best Practices. For DNN Websites

Dell One Identity Cloud Access Manager 8.0. Overview

Overview. Application security - the never-ending story

OWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13

Cloud Link Configuration Guide. March 2014

Citrix NetScaler AppFirewall and Web App Security Service

Cloud Access Manager Overview

Keep the Door Open for Users and Closed to Hackers

Microsoft Internet Security & Acceleration Server Overview

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

Overview. Business value

Secure Development Guide

CA Cloud Service Delivery Platform

CA SiteMinder. Federation Manager Guide: Legacy Federation. r12.5

CA IdentityMinder. Glossary

DenyAll Protect. accelerating. Web Application & Services Firewalls. your applications. DenyAll Protect

C1: Define Security Requirements

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Mitel MiContact Center Enterprise WEB APPLICATIONS CONFIGURATION GUIDE. Release 9.2

CA Cloud Service Delivery Platform

OWASP Top 10 The Ten Most Critical Web Application Security Risks

CA Cloud Service Delivery Platform

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: UNIFIED ACCESS GATEWAY ARCHITECTURE

W H IT E P A P E R. Salesforce Security for the IT Executive

CA Cloud Service Delivery Platform

BRM Accelerator Release Notes - On Premise. Service Pack

Web Application Firewall

Evaluation Criteria for Web Application Firewalls

Configuring BIG-IP ASM v12.1 Application Security Manager

Providing Secure, Fast and Available

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

Securing Your Amazon Web Services Virtual Networks

Protect Your Data the Way Banks Protect Your Money

CA SiteMinder Federation

CA SiteMinder Federation

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

Web Application Firewall for Web Environments

SonicWall Web Application Firewall 2.0. AWS Deployment Guide

PRESENTED BY:

CA Cloud Service Delivery Platform

Siebel CRM. Siebel Security Hardening Guide Siebel Innovation Pack 2015 E

epldt Web Builder Security March 2017

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

303 BIG-IP ASM SPECIALIST

How to Deploy and Use the CA ARCserve RHA Probe for Nimsoft

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

CA SiteMinder. Federation in Your Enterprise 12.51

O365 Solutions. Three Phase Approach. Page 1 34

SafeNet Authentication Service

Scan Report Executive Summary

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Blue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

Managed Application Security trends and best practices in application security

CA Cloud Service Delivery Platform

OWASP TOP OWASP TOP

CA Mobile Device Management Configure Access Control for Using Exchange PowerShell cmdlets

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 E June 2016

WHITE PAPER JANUARY Creating REST APIs to Enable Your Connected World

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

CA GovernanceMinder. CA IdentityMinder Integration Guide

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

CA CloudMinder. SSO Partnership Federation Guide 1.51

THUNDER WEB APPLICATION FIREWALL

Certified Secure Web Application Engineer

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

Mitigating Security Breaches in Retail Applications WHITE PAPER

Securing Your Microsoft Azure Virtual Networks

RiskSense Attack Surface Validation for Web Applications

Contains the Linux Identity Server, the Linux Administration Console, the ESP-enabled SSL VPN Server, and the Traditional SSL VPN Server.

Enhancing Exchange Mobile Device Security with the F5 BIG-IP Platform

CA SiteMinder Web Access Manager. Configuring SiteMinder Single Sign On for Microsoft SharePoint 2007 Using Forms-based Authentication

CA SiteMinder. SDK Overview Guide 12.52

Citrix NetScaler Basic and Advanced Administration Bootcamp

Welcome to the OWASP TOP 10

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

Novell Access Manager

Web Application Vulnerabilities: OWASP Top 10 Revisited

Bank Infrastructure - Video - 1

IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.

How to configure the UTM Web Application Firewall for Microsoft Lync Web Services connectivity

Transcription:

SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com How can an enterprise manage web services, web APIs and web applications from a single platform? Depending on the business requirements, CA API Management can be the one security platform for all web services, APIs and application traffic.

3 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com Executive Summary CA API Management has long helped customers simplify and accelerate the security, integration and management of their web services and web API traffic. Many enterprises are looking to extend that same functionality to web applications (similar to many of the functions a web application frewall might provide) and are looking to consolidate appliances into a single platform. Depending on your requirements, CA API Management can be your one security gateway for all web services, APIs and application traffic. Benefits This begins with the Publish Reverse Web Proxy Wizard, which makes it easy to quickly publish a reverse web proxy with a runtime policy tailored specifically to Microsoft SharePoint or a more generic runtime policy for any other web application. One common use case for which customers use CA API Management is enabling non-kerberos client access (e.g., mobile device browser access) to Kerberos-protected SharePoint sites. CA API Management s Publish Reverse Web Proxy Wizard and support for Kerberos Constrained Delegation makes this possible. CA API Management has broad support for many other credential types including X.509, HTTP Basic, SAML, OAuth, JWT, CA Single Sign-On and more. This allows CA API Management to be an identity broker for many other scenarios. Kerberos constrained delegation Other private creds Cookies, OAuth, other credentials CA API Management KDC Windows Domain Server SharePoint or other web apps

4 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com Another common use for API management is meeting PCI requirements, which necessitates an assessment of the OWASP Top Ten. OWASP Top Ten TCA API Management also provides many additional capabilities to protect web application threats like those described by the OWASP Top Ten (2017), and OWAPS Top Ten protection can help customers meet key PCI requirements: A1 Injection CA API Management provides policy assertions to protect against SQL and other types of injection attacks. CA API Management also has full access to all web request and response content and context to enable inspection and protection at runtime. A2 Broken Authentication CA API Management can require strong or multifactor authentication over secure protocols and can protect against brute force attacks using simple or sophisticated rate limiting or throughput quota policies Through policy management, CA API Management can also detect and protect against session-based attacks by controlling cookie security attributes, using digital signatures and encryption or tracking, and mapping and enforcing sticky session identifiers sent in a variety of ways. A3 Sensitive Data Exposure Through policy management, CA API Management can require encryption at rest or in-transit, and can be configured to to PCI-DSS compliant - meeting the needs of regulated industries such as financial, healthcare, and public sector. A4 XML External Entities CA API Management can protect against remote code execution and denial of services (DoS) attacks. A5 Broken Access Control CA API Management provides an unparalleled range of proprietary and industry-standard access control mechanisms to ensure that protected resources can only be accessed by authenticated and authorized users and applications using centralized security policies. A6 Security Misconfiguration CA API Management is a special-purposed security gateway that has been hardened for easy and secure deployment to the DMZ, and meets Common Criteria certification for the Enterprise Security Management, Policy Management Version 2.1, and Enterprise Security Management, Access Control Version 2.1 profiles. As the first line of application layer defense in front of your web applications, CA API Management can help protect you from security misconfigurations elsewhere in your stack. A7 Cross-Site Scripting (XSS) CA API Management is a hardened and purpose built solution for maximum attack protection for services, APIs and applications, and it allows customers to detect, respond to and block attackes using centralized security policy as an application layer firewall.

5 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com A8 Insecure Deserialization CA API Management provides policy assertions to protect against SQL and other types of injection attacks. CA API Management also has full access to all web request and response content and context to enable inspection and protection at runtime. A9 Using Components with Known Vulnerabilities As noted under A5, CA API Management is a special purposed security gateway that has been hardened for easy and secure deployment to the DMZ and meets Common Criteria certification for the Enterprise Security Management Policy Management Version 2.1 and Enterprise Security Management Access Control Version 2.1 profiles. CA API Management engineering and support teams are constantly vigilant for new vulnerabilities and quickly create, release and communicate vulnerability patches to CA API Management customers. These patches are easily applied through the patch management system included with CA API Management. A10 Insufficient Logging and Monitoring CA API Management provides definable monitoring levels, allowing the appropriate level of reporting based on the enterprise requirements. In addition to implementing signature-based threat detection using the patterns described above, CA API Management integrates with best-of-breed virus scanners and further protects from message-level threats by validating traffic against application-level metadata such as XML schemas and JSON schemas. Finally, CA API Management provides additional reverse web proxy capabilities including: Caching Throttling/shaping Compression SSL termination Intelligent dynamic routing/load balancing URL rewriting Header manipulation Parameter manipulation Cookie manipulation

6 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com Summary For many enterprises, configuring CA API Management as defined above will allow them to consolidate appliances and from a single pane of glass, manage the security, integration and management of their web services, web API traffic and web applications. The CA Technologies Advantage The industry-leading API management products from CA Technologies connect the enterprise to mobile apps, cloud platforms, developers and IoT through APIs. Delivered as hardware networking appliances, virtual appliances or as software, our products are helping large organizations integrate everything, simplify and enable app development, protect apps and APIs with end-to-end security and enable business growth in the application economy. For more information, please visit ca.com/api Connect with CA Technologies CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business, in every industry. From planning to development to management and security, CA is working with companies worldwide to change the way we live, transact and communicate across mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com. Copyright 2018 CA. All rights reserved. Microsoft and SharePoint are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damages. CS200-330845_0118

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback