As the key technology of online application connection and data transmission, API carries the core business logic and a large amount of sensitive data of the enterprise, so it becomes the key target of attackers to steal data. In recent years, with the digital transformation and upgrading of enterprises, the number of APIs has increased sharply, the iteration and release cycle of APIs have also been accelerated. Under the current concept of "focusing on business and ignoring security", many enterprises lack key protection for APIs. It is difficult for enterprises to obtain comprehensive information, for instance, what APIs are exposed to the public, which APIs carry sensitive data, and which APIs have security defects, etc., and a large number of APIs have become blind spots of enterprise digital asset security management.
Threat Hunter API data asset management solution can deploy the API security control platform in bypass mode and get access to business mirrored traffic without affecting business continuity and existing network architecture. Through traffic analysis, automatically discover all public, private and partner-oriented APIs, as well as Zombie APIs and inactive APIs, establish an API list, and classify API assets. According to the original request and response of the API, identify the sensitive data transferred and API defects and comprehensively master and effectively manage the API data assets of the enterprise to improve the security of overall business.
The bypass deployment mode is adopted, without changing the existing network structure of the service with zero business interference.
Conduct the mapping of dynamic API assets and flow data, and comprehensively grasp the API data assets.
Support the detection of 64 defects in 7 categories, and fully cover the security issues of OWASP API Top 10.
Based on security operation, provide API asset management system to improve business security.