Applications expose two kinds of APIs, each with its own security requirements. A defense that covers both needs the context that only the running code can provide.
Remote APIs expose a service so that other systems, such as a browser or a mobile device, can interact with the application.
- Insecure Direct Object Reference
- Cross-site Scripting (XSS)
- API Abuse
Code APIs are the internal calls behind a remote API, the ones the application uses to gather data and respond to incoming requests.
- Injection Attacks
- Authorization (is the caller, human or machine, allowed to perform the requested action?)
- Sensitive Data and Logging
- Components With Known Vulnerabilities
“Adopt a continuous approach to API security across the API development and delivery cycle, designing security into APIs. Include API security testing and the creation and application of reusable API security policies.”
Gartner®, “API Security: What You Need to Do to Protect Your APIs”, Mark O'Neill, et al, Refreshed 1 March 2021, Published 28 August 2019.
“API security challenges have emerged as a top concern for most software engineering leaders, as unmanaged and unsecured APIs create vulnerabilities that could accelerate multimillion dollar security incidents.”
Gartner®, “Predicts 2022: APIs Demand Improved Security and Management”, Shameen Pillai, et al, Published 6 December 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Discover why the Contrast Secure Code Platform is built for DevSecOps
The Contrast Solution
Contrast defends code APIs that power all applications.
Monitoring the security of code APIs
Understand custom code, library code, and third-party code
Extend defense in depth into the application itself by using code-level context to reduce false alerts. By monitoring code APIs, Contrast can find vulnerabilities in custom code during normal usage or functional testing, without a dedicated security test.
Automate the analysis of how code security affects your APIs. A single agent identifies libraries with known CVEs and checks that even individually “safe” components are not assembled in an unsafe way.
Stopping zero-day attacks
Defend against open vulnerabilities
Contrast blocks exploitation of vulnerable code. Its runtime context and software composition analysis (SCA) make blocking accurate by distinguishing an attack that actually reaches exploitable code from a mere “probe.”
In the event of zero-day attacks, Contrast can block attacks against APIs without patching or updating.
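The two capabilities described above, monitoring code APIs to find vulnerabilities during normal use and telling an exploitable attack from a probe, come down to instrumenting the sink. The Python below is an added illustration written for this page, not Contrast's code and not a description of how its agent works: a hypothetical monitored_execute() wrapper around a sqlite3 connection plays the instrumented code API, handle_lookup() stands in for the remote-API handler, and the RequestContext, Verdict and Blocked names and the sample users table are all constructed for the example. A request value that reaches the SQL sink and changes the query's token structure is classified as an exploit and blocked; attack-shaped input that reaches the sink only as bound data is classified as a probe and allowed through.

```python
import re
import sqlite3
from dataclasses import dataclass, field

# Constructed example: a toy runtime monitor on a single code API (SQL execute).
_TOKEN = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|[A-Za-z_]\w*|--[^\n]*|[^\s\w]")
# Heuristic only: input that merely *looks* like an injection attempt.
_ATTACK_HINT = re.compile(r"['\"]|--|;|\b(?:or|and|union|select|drop)\b", re.I)


@dataclass
class Verdict:
    kind: str           # "exploit", "probe" or "clean"
    value: str = ""     # the request value the verdict is about
    detail: str = ""


@dataclass
class RequestContext:
    """Per-request record of every value that arrived over the remote API (hypothetical)."""
    tainted: list = field(default_factory=list)
    verdicts: list = field(default_factory=list)

    def param(self, raw_value: str) -> str:
        self.tainted.append(raw_value)   # remember it so the sink can check it later
        return raw_value


class Blocked(Exception):
    pass


def _is_data_token(tok: str) -> bool:
    return tok.startswith("'") or tok[0].isdigit()


def value_alters_structure(sql: str, value: str) -> bool:
    """True if some occurrence of `value` in `sql` is not wholly inside a single
    string-literal or numeric token, i.e. request bytes have become SQL syntax."""
    if not value:
        return False
    spans = [(m.group(), m.start(), m.end()) for m in _TOKEN.finditer(sql)]
    for hit in re.finditer(re.escape(value), sql):
        inside_data = any(_is_data_token(t) and s <= hit.start() and hit.end() <= e
                          for t, s, e in spans)
        if not inside_data:
            return True
    return False


def classify(ctx: RequestContext, sql: str) -> Verdict:
    for value in ctx.tainted:
        if value_alters_structure(sql, value):
            return Verdict("exploit", value, "request data became SQL syntax at the sink")
    for value in ctx.tainted:
        if _ATTACK_HINT.search(value):
            return Verdict("probe", value, "attack-shaped input reached the sink only as data")
    return Verdict("clean")


def monitored_execute(ctx, conn, sql, params=()):
    """The instrumented code API: classify at the sink, then run or block."""
    verdict = classify(ctx, sql)
    ctx.verdicts.append(verdict)
    if verdict.kind == "exploit":
        raise Blocked(f"{verdict.detail}: {verdict.value!r}")
    return conn.execute(sql, params).fetchall()


def open_demo_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def handle_lookup(conn, raw_name, parameterized):
    """Stand-in for a remote-API handler; raw_name is the request parameter.
    Returns (verdict kind, rows or None if the sink blocked the query)."""
    ctx = RequestContext()
    name = ctx.param(raw_name)
    try:
        if parameterized:
            rows = monitored_execute(ctx, conn, "SELECT id FROM users WHERE name = ?", (name,))
        else:  # the vulnerable pattern: untrusted input concatenated into the query
            rows = monitored_execute(ctx, conn, "SELECT id FROM users WHERE name = '" + name + "'")
    except Blocked:
        rows = None
    return ctx.verdicts[-1].kind, rows


if __name__ == "__main__":
    db = open_demo_db()
    payload = "' OR '1'='1"
    print(handle_lookup(db, "alice", False))   # ('clean', [(1,)])
    print(handle_lookup(db, payload, False))   # ('exploit', None)  blocked at the sink
    print(handle_lookup(db, payload, True))    # ('probe', [])      logged, not blocked
```

The same payload produces two different verdicts depending on what the code behind the remote API does with it, which is the point of monitoring the code API rather than the request alone: a WAF-style filter on the request would have to block both calls or neither. Substring matching and the attack-hint regex are simplifications; a real agent propagates taint per character through the framework and library calls rather than searching the final query string.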
Learn how Contrast customers were protected against Log4j attacks
Learn more about how to test and protect your APIs