SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Similar documents
Imperva Incapsula Website Security

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance

Securing Your Microsoft Azure Virtual Networks

Securing Your Amazon Web Services Virtual Networks

The Top 6 WAF Essentials to Achieve Application Security Efficacy

En partenariat avec CA Technologies. Genève, Hôtel Warwick,

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

TIBCO Cloud Integration Security Overview

Achieving End-to-End Security in the Internet of Things (IoT)

E-BOOK. Healthcare Cyber Security and Compliance Guide

IBM Cloud Internet Services: Optimizing security to protect your web applications

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

haltdos - Web Application Firewall

Imperva Incapsula Load Balancer

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

Delivering Cyber Security Confidence for the Modern Enterprise

Solutions Business Manager Web Application Security Assessment

OWASP TOP OWASP TOP

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

Shortcut guide to Web application firewall deployment

Imperva Incapsula Product Overview

Web Application Firewall Subscription on Cyberoam UTM appliances

Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title

Office 365 Buyers Guide: Best Practices for Securing Office 365

The Interactive Guide to Protecting Your Election Website

Configuring BIG-IP ASM v12.1 Application Security Manager

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

CyberP3i Course Module Series

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

Enterprise D/DoS Mitigation Solution offering

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Web Application Penetration Testing

Imperva CounterBreach

RSA SecurID Implementation

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

API Best Practices. Managing APIs holistically across the enterprise

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Key Considerations in Choosing a Web Application Firewall

Best Practices in Securing a Multicloud World

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0

THUNDER WEB APPLICATION FIREWALL

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

Citrix NetScaler AppFirewall and Web App Security Service

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Protect your apps and your customers against application layer attacks

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

Security

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)

Advanced Techniques for DDoS Mitigation and Web Application Defense

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Evaluating the Security Risks of Static vs. Dynamic Websites

Continuously Discover and Eliminate Security Risk in Production Apps

The Presence and Future of Web Attacks

DreamFactory Security Guide

SECURE DATA EXCHANGE

PEACHTECH PEACH API SECURITY AUTOMATING API SECURITY TESTING. Peach.tech

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

IBM Security Network Protection Solutions

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

AKAMAI CLOUD SECURITY SOLUTIONS

Building Trust in the Internet of Things

Vulnerability Assessment with Application Security

ISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems

Protecting Your Cloud

Web Application Firewall

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

C1: Define Security Requirements

Identiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks

SecureSphere Web Application Firewall Test Drive

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Securing Your Most Sensitive Data

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Data Privacy and Protection GDPR Compliance for Databases

Comprehensive datacenter protection

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

DenyAll Protect. accelerating. Web Application & Services Firewalls. your applications. DenyAll Protect

GDPR Update and ENISA guidelines

Framework for Application Security Testing. September 11th, 2018

GOING WHERE NO WAFS HAVE GONE BEFORE

IBM Security Access Manager

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Maximum Security with Minimum Impact : Going Beyond Next Gen

Preparing your network for the next wave of innovation

The Windstream Enterprise Advantage for Banking

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

6 KEY SECURITY REQUIREMENTS

Building Resilience in a Digital Enterprise

Imperva SecureSphere Appliances

Encrypted Traffic Security (ETS) White Paper

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Transcription:

Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications

40 percent of the world s web applications will use an interface Most enterprises today rely on customers accessing their applications to conduct daily business. These enterprises know by now that application programming interfaces (s) are becoming more common than ever before to enable communication between applications and end users. Even though they are working behind the scenes, s are ubiquitous they help to deliver sports updates, post online messages, order food enabling everything online. To stay competitive, businesses need to publically expose and rely on calls to applications that serve business-enabling data to consumers. Leading industry analysts expect that by 2019, around 40 percent of the world s web applications will use an interface which is almost a three times increase compared to its usage in 2015. The increased usage can also be attributed to applications moving into public and private cloud infrastructure because the cloud s agility, resiliency and scalability drives business growth. The other driving factors for increased usage of s in a changing application development environment are: Rise of DevOps Micro-services architecture Containers Serverless architecture Figure 1: Serverless, Micro-services architecture More and more IT groups are adopting approaches such as DevOps and microservices architectures More and more IT groups are adopting approaches such as DevOps and micro-services architectures, as well as supporting technologies including cloud computing, containers and automation toolchains and frameworks. Within this new /application landscape and software development security becomes more challenging as the number of touchpoints and integrations increase. Cybercriminals are increasingly turning their attention to security gaps and vulnerabilities in modern software. Given the speed and volume of adoption today and the greater complexity of the environment, it s never been more important to secure your applications and data. 2

Understanding Application Programming Interfaces s at a glance Application programming interfaces (s) aren t new, but they are increasingly important for exposing specific internal functions of a service or application to the outside world. s are essentially plug-and-play services that enable different services, applications and platforms to communicate with each other in real time. The popularity of micro-services architecture is driving increased usage and exposure of s because all micro-services use s to communicate with other services and applications. Need to provide data to an ecosystem of partners? That s what an is for. economy s are essential today for companies looking to monetize data and services to create new revenue streams. Need to provide data to an ecosystem of partners? That s what an is for. The economy, as it s being called, refers to using s to deliver new digital products and services to the market and enable new business models and channels. gateway An gateway establishes a single entry point for all requests coming from clients, insulates the clients from how an application may be partitioned into micro-services, and enables clients to retrieve data from multiple services with one request. CLIENTS SERVERS Desktop App Web App Mobile App Gateway Internet of Things Figure 2: Clients accessing s through Gateway 3

Security and s It s possible for attackers to reverse-engineer an by examining client code Simply put, s are an additional attack vector for cybercriminals and can make your micro-services and other endpoints vulnerable to a full range of web application attacks. It s possible for attackers to reverse-engineer an by examining client code or simply by monitoring communications. gateways provide a mediation layer to authenticate and route calls. As s are exposed to more and more clients, they are exposed to a variety of cyber attacks that gateways cannot stop, including: DDoS attack can cause quite a disruption to -fronted web applications. Denial of service attacks: -fronted web applications are exposed to bot and DDoS abuse a poorly written could use up a lot of compute resources if it starts receiving invalid inputs. In general, a DDoS attack can cause quite a disruption to fronted web applications. Exploits and technical attacks: It s possible for attackers to simply inject malicious content that could lead to exploits. Such technical attacks could include poisoning of JSON web tokens, attempts to light up traditional SQL injection or getting a malicious JS code to execute behind the scenes, amongst many others. parameter tampering: One of the most common exploit methods used by hackers is to probe into application security defenses by tampering input parameters (fields). With s, such tampering could simply expose a poorly written to reveal sensitive data. Man in the middle attacks: An unencrypted connection between the client and the server can expose a lot of sensitive data to hackers. Since s are becoming a preferred vehicle for data exchange with the easy to use JSON format, an unsecured transmission is an open invitation for data theft. Session cookie tampering: Attacks can attempt to tamper cookies to either bypass security or to send false data to application servers. While session cookie tampering is a well-known channel for attacking traditional web applications, it is equally relevant for s. 4

As another potential attack vector, gateways need layered security control and defense. Access violation: Most Internet of Things (IoT) devices are designed to communicate to their corresponding enterprise servers using the channel. These IoT devices in some cases authenticate themselves at the server using client certificates. If a hacker gets control over an from the IoT endpoint, they could easily re-sequence the order of s and cause data leaks or undesired operations. Many gateways do authentication and validation in some form, but that is not enough to stop the application attacks that are mentioned above. As another potential attack vector, gateways need layered security control and defense. A WAF on the front end helps with access control, bot and DDoS protection, threat detection and filtering. WAF deployed in front of resources protects core applications by validating and monitoring traffic. Securing s with Web Application Firewalls WAF deployed in front of resources protects core applications by validating and monitoring traffic, and leverages WAF features like profiling and content inspection to identify and protect against malicious activity. This enables the full range of WAF features such as rate-limiting, session validation, user tracking, client certificate validation, protocol validation, reputation and community services. CLIENTS SERVERS Desktop App Web App Mobile App BOT MITIGATION CDN IMPERVA APP SECURITY WAF THREAT INTELLIGENCE Gateway Internet of Things Figure 3: Protecting applications, websites and s 5

Imperva Security provides a layer of monitoring and protection over the use of s in your network. Security feature set includes the following: Blocks malicious bot activity and DDoS attacks As s represent a gateway to your computing resources, malicious users can attempt to use this gateway to probe your network and attempt to run automated (bot) attacks. Imperva App Security offers a number of tools to block malicious bot activity. This is done using various mechanisms such as identifying and blocking traffic from malicious IP addresses, blocking traffic from geographic locations which are known to be the source of malicious traffic, and by configuring policies that set rate limits. Protects s against exploits and technical attacks Imperva WAF can be configured to inspect content and defend against OWASP Top 10 attacks such as Cross-Site Scripting (XSS) and SQL Injection (SQLi), it also utilizes signatures for attacks specific to these content types, such as XXE. Request Profiling protects against parameter tampering Protects against parameter tampering and malicious fields Imperva SecureSphere Request Profiling protects against parameter tampering and malicious fields by profiling calls and blocking malformed calls, including JSON and nested parameters, as well as inspects requests for compliance. SecureSphere learns all URLs and their parameters as part of the learning process of SecureSphere profiling. Open s can be used to configure profiles reducing the time and increasing the scalability of profiling URLs. Enforces Encryption Imperva WAF can prevent unauthorized access to your organization s computing resources when working in Reverse Proxy (KRP, TRP) by enforcing TLS communication between clients and servers. This can be useful when you have HTTP-only s and want to add encryption to a single point. Additionally, you can enforce TLS versions and which ciphers are being used. 6

Protect session cookies Imperva s cookie protection provides protection against improper session handling/ session management and tracking. Session Cookie protection for security uses standard WAF Cookie Protection. Access control by tracking users with client certificates Imperva SecureSphere learns a web application s login URLs as part of the process of building the Web application profile. When a Web application user successfully authenticates to the application, SecureSphere associates the Web application user name with an HTTP session and IP address, and tracks the user throughout the duration of the session. Securing s requires applying the same application security best practices Today s modern services are extensively using public s and making them an attractive target for cybercriminals looking to gain access into your environment. Securing s requires applying the same application security best practices as in the past, but using right solutions built to handle an environment and accompanying threats. Imperva application security solutions help you to securely build DevOps and Micro-services architecture. Contact us today to find out how Imperva solutions can integrate into your DevOps workflow and protect your s, applications and data from cyber threats. 2017, Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula, Skyfence, CounterBreach and ThreatRadar are trademarks of Imperva, Inc. and its subsidiaries. All other brand or product names are trademarks or registered trademarks of their respective holders. imperva.com 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback