API Security

Securing the code that powers APIs: Custom code, third-party code, and anything in between

The challenge

Applications expose two types of APIs with different security requirements. The accuracy of a comprehensive defense relies on context provided by the running code.
Remote APIs
Visibility ends at the network

Remote APIs expose a service, making it possible for applications to interact with other systems such as a browser or mobile device.

Risks Faced:
  • Authentication
  • Authorization (may this caller, human or machine, invoke this endpoint at all?)
  • Insecure Direct Object Reference (IDOR)
  • Cross-site Scripting (XSS)
  • API Abuse
Code APIs
FULL CONTEXT OF THE APPLICATION

Code APIs give life to remote APIs, enabling the application to gather data and respond to incoming requests.

Risks Faced:
  • Injection Attacks
  • Authorization (may this caller act on the specific object that was requested?)
  • Insecure Deserialization
  • Sensitive Data Exposure and Logging
  • Components With Known Vulnerabilities
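The two authorization questions above sit in different layers, and confusing them is how IDOR happens: the remote API checks "may this caller hit this endpoint?", while the code API must check "may this caller touch this particular record?". The following added example (not Contrast's code, and not from the original page) models a remote endpoint as a function over a request dict and a code API as a function over an in-memory SQLite table. The session store, table contents and endpoint name are constructed for illustration. It also shows the parameterized query that keeps the code API free of SQL injection, beside the unchecked variant that a scanner looking only at the network edge would never see.

```python
"""Worked example (added here, not from Contrast): endpoint-level authorization
in the remote API versus object-level authorization in the code API.
All sessions, roles, orders and the endpoint name are constructed sample data."""
import sqlite3

class Forbidden(Exception):
    """Raised by the code API when the principal may not act on the object."""

# Constructed bearer-token sessions: token -> (principal, role)
SESSIONS = {
    "tok-alice": ("alice", "customer"),
    "tok-bob": ("bob", "customer"),
    "tok-ops": ("ops", "support"),
}

# Remote-API layer: which roles may call the endpoint at all (hypothetical route)
ENDPOINT_ROLES = {"GET /orders/{id}": {"customer", "support"}}

def open_db():
    """Create an in-memory table with constructed orders owned by two customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, total REAL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", 10.0), (2, "bob", 25.5), (3, "alice", 7.25)])
    return db

def get_order_unchecked(db, order_id):
    """IDOR-prone code API: fetches any row the caller names. Kept as the 'before'."""
    row = db.execute("SELECT id, owner, total FROM orders WHERE id = ?", (order_id,)).fetchone()
    return None if row is None else {"id": row[0], "owner": row[1], "total": row[2]}

def get_order(db, principal, role, order_id):
    """Code API with object-level authorization.
    The query is parameterized, so order_id can never alter the SQL.
    A missing row and a foreign row both raise Forbidden, so the caller
    cannot enumerate which ids exist."""
    row = db.execute("SELECT id, owner, total FROM orders WHERE id = ?", (order_id,)).fetchone()
    if row is None or (row[1] != principal and role != "support"):
        raise Forbidden(order_id)
    return {"id": row[0], "owner": row[1], "total": row[2]}

def handle_get_order(db, request):
    """Remote API: authenticate, check endpoint-level authorization, validate
    input types, then delegate object-level decisions to the code API.
    `request` is a dict with 'headers' and 'path_params' (constructed shape)."""
    auth = request.get("headers", {}).get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
    session = SESSIONS.get(token)
    if session is None:
        return 401, {"error": "unauthenticated"}
    principal, role = session
    if role not in ENDPOINT_ROLES["GET /orders/{id}"]:
        return 403, {"error": "role may not call this endpoint"}
    try:
        order_id = int(request["path_params"]["id"])  # reject "1 OR 1=1" before it reaches code
    except (KeyError, ValueError):
        return 400, {"error": "id must be an integer"}
    try:
        return 200, get_order(db, principal, role, order_id)
    except Forbidden:
        # Same response for "not yours" and "does not exist": no existence oracle.
        return 404, {"error": "not found"}

if __name__ == "__main__":
    db = open_db()
    req = {"headers": {"Authorization": "Bearer tok-alice"}, "path_params": {"id": "2"}}
    print(handle_get_order(db, req))          # alice asking for bob's order -> (404, ...)
    print(get_order_unchecked(db, 2))         # the unchecked code API hands it over
```

Note that the endpoint check alone passes Alice through: she is authenticated and her role is allowed to call the route. Only the code-API check, which needs the owner column from the running application, can tell that order 2 is not hers. That is the "context provided by the running code" the page refers to, and it is invisible to a defense that only watches traffic at the network edge.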

The Contrast solution

CONTRAST DEFENDS CODE APIS THAT POWER ALL APPLICATIONS.

Monitoring the security of code APIs

Understand custom code, library code, and third-party code

Use the context available inside the running application to reduce false alerts. By monitoring code APIs, Contrast can locate custom vulnerabilities in applications during normal usage or functional testing, without a dedicated security test.

Leverage automation to understand how the security of the code affects the APIs it powers. A single agent lets teams identify libraries with known CVEs and confirm that even “safe” components are not assembled in an unsafe way.


Exploit prevention & zero-day shielding

Defend against open vulnerabilities

Contrast Protect’s proprietary Runtime Exploit Prevention (REP) technology protects against exploit attempts on vulnerabilities that developers have not yet fixed. REP’s runtime context and software composition analysis (SCA) capabilities keep blocking highly accurate by distinguishing a truly exploitable attack from a “probe.”

In the event of a zero-day attack, Contrast Protect’s virtual patching capabilities enable a rapid response across all affected applications: administrators can create and deploy a virtual patch within seconds.

Learn how Contrast defends APIs.

Learn more about how to use Contrast OSS, Assess, and Protect to integrate security across the software life cycle with a single agent.


GET HANDS-ON FOR FREE.

EXPERIENCE THE FULL FUNCTIONALITIES OF THE COMPLETE PLATFORM ON ONE APPLICATION WITH CONTRAST COMMUNITY EDITION.
