The session will focus on delivering the key trends in APIs and API Management Platform technologies and how they are driving the API economy. We will also discuss the key drivers for digital transformation initiatives, which include the wide acceptance of APIs in Industry 4.0, Connected Devices, Cloud and the Payments industry. Next, we will talk about the top 10 security risks in APIs, API Management Platforms, API integrations with cloud platforms, and IoT/OT device integrations with third-party applications. Lastly, we will uncover the need for implementing an API security governance framework and how to measure the API security programme's success through this governance framework.
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers, Security Risks and Mitigation Strategies
1. SACON
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
The Power of APIs
API Economy Trends & Market Drivers , Top 10 Security Risks and Mitigation Strategies
Suhas Desai
Infosys
Industry Principal – Cyber Security
@desai_suhas
2. SACON 2020
What we will discuss today
• Trends in APIs, API Management Platform Technologies
• Overview on APIs, API Management Platforms & the API Economy
• Wide acceptance of APIs in Industry 4.0
• Top 10 security risks in APIs, API Management Platforms
• API Security Governance Framework
• API Security Good Practices
8. SACON 2020
APIs - Overview
• Application Programming Interface
• Interface that provides programmatic access to service functionality
and data within an application or a database (Gartner)
• Interface, or set of definitions and communication protocols, used to
build/integrate software
• It can be used for web-based applications, OS, DB, devices and libraries
9. SACON 2020
Types of APIs
• Private/Internal APIs – Used by enterprises for their own consumption.
• Partner APIs – Specific rights/access are required. Third-party/paid API consumption.
• Public/External/Open APIs – Publicly available. Typically protected with OAuth.
12. SACON 2020
API Management Platforms for API Life Cycle
API Management Platforms are used to manage the API life cycle:
• Design
• Publish (Provisioning / De-provisioning)
• Security (through API Gateways)
• Analytics
• Documentation
• API Monetization
13. SACON 2020
Top 8 API Management Platforms
1. Broadcom (CA) API Management Platform
2. Google Apigee API Management Platform
3. IBM API Connect
4. Mulesoft Anypoint Platform
5. TIBCO Cloud Mashery
6. Microsoft Azure API Management
7. Red Hat 3scale API Management
8. Axway AMPLIFY API Management
14. SACON 2020
API Economy
“The API economy is an enabler for turning a business or organization into a
platform.” Kristin R. Moyer, vice president and distinguished analyst at Gartner
16. SACON 2020
API Architecture
(Diagram) Three layers, with APIs exposed at the Application or Service Layer:
• Channels (API Initiation / Requestor): Web, Mobile, Devices, Enterprise Application
• Middleware / Platforms: API Management Platforms, API Middleware, API Gateway, Data Processing & Analytics, API Connectors
• Backend Services: Database, Operating Systems
• Features provided across the architecture: Security, Compliance, Efficiency, Analytics
17. SACON 2020
Top 10 Security Risks
(Diagram) API security risks, grouped into Governance, APIs & API Technology Platforms, and Monetization:
1. Crypto Services
2. Authentication & Authorization
3. API Communication Channels
4. Data Security
5. Business Logic Implementation
6. Input Validation
7. API Security Governance
8. API Management Platform Misconfigurations
9. API Gateway and Runtime Risks
10. Security Risks in API Monetization
23. SACON 2020
Good Practices to secure APIs
1. Enforce strong SSL/TLS encryption over the communication channel.
2. Digitally sign the API request data, with the current timestamp carried in the request headers, to protect against request tampering and replay attacks.
3. Encrypt sensitive request payloads when calling an API. Never expose API session tokens, keys or passwords in the URL; pass them in the API request headers instead.
4. Validate and sanitize untrusted user input before processing it at the backend.
5. Authenticate API resources and requesting entities mutually using PKI certificates. Use OAuth/OpenID Connect for authorization so that users' access to API resources is controlled.
6. Set quota limits on bandwidth usage and on API requests processed per unit of time to avoid denial-of-service attacks.
7. Implement and use audit logging and monitoring features to uncover API transaction-processing disputes that may have happened in the past.
8. Set up SLAs and performance benchmarks, and ensure that regulatory Governance, Risk & Compliance (GRC) policies and procedures are properly followed according to the applicable standards, e.g. Sarbanes-Oxley (SOX), PCI DSS, GDPR, HIPAA, COBIT.
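As an added example (not part of the SACON deck), practice 2 in working form: the client signs the method, path, body, timestamp and a nonce, and the server rejects stale timestamps, reused nonces and tampered fields. The HMAC-SHA256 scheme, the header names X-Timestamp/X-Nonce/X-Signature and the in-memory nonce cache are all assumptions chosen for the example.

```python
import hmac, hashlib, time, secrets

REPLAY_WINDOW_SECONDS = 300  # assumption: accept requests at most 5 minutes old

def canonical(method, path, body, timestamp, nonce):
    # Bind every field into the signed string so none can be swapped independently
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce]).encode()

def sign_request(secret, method, path, body, now=None):
    """Client side: returns the headers carrying timestamp, nonce and signature."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)  # fresh per request so an identical replay is detectable
    sig = hmac.new(secret, canonical(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
    return {"X-Timestamp": str(ts), "X-Nonce": nonce, "X-Signature": sig}

class Verifier:
    """Server side: checks freshness, nonce uniqueness and signature, in that order."""

    def __init__(self, secret, window=REPLAY_WINDOW_SECONDS):
        self.secret, self.window = secret, window
        self.seen = {}  # nonce -> timestamp; a shared store would be used in production

    def verify(self, method, path, body, headers, now=None):
        now = int(now if now is not None else time.time())
        try:
            ts = int(headers["X-Timestamp"])
            nonce, sig = headers["X-Nonce"], headers["X-Signature"]
        except (KeyError, ValueError):
            return "missing or malformed signing headers"
        if abs(now - ts) > self.window:
            return "stale timestamp"  # blocks replays delayed beyond the window
        # Evict nonces older than the window so the cache stays bounded
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return "replayed nonce"  # blocks replays inside the window
        expected = hmac.new(self.secret, canonical(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return "bad signature"  # blocks tampering with method, path, body, timestamp or nonce
        self.seen[nonce] = ts
        return "ok"
```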
24. SACON 2020
Summary
• Secure design of APIs and API Management Platforms
• Security governance and security assurance
• Good practices across the API life cycle
25. SACON 2020
Source: Linux Journal; Author – Suhas Desai
Crypto + Steganography with Python
Community contribution is needed to embed more cryptography & steganography libraries and APIs!
26. SACON 2020
For more details please contact:
Suhas Desai, Industry Principal – Infosys
E: suhasanandrao.desai@Infosys.com
Thank You!