Background

In recent years, as digital services have grown, APIs have become the key mechanism for connecting online applications and transmitting data between them, and they are now very common in application environments. Because these APIs carry large amounts of high-value data, they are a focus for attackers and their "meat and potatoes". Many of the exploitable vulnerabilities exposed in network security attack and defense services in previous years were API vulnerabilities.

Security Challenges
Judging from previous real-world cases, organizations tend to overlook the following key points when mapping their attack surface.
Shadow API
In asset management, some assets inevitably fall outside the security team's field of view. For example, some APIs do not pass through a WAF or API gateway, and historical zombie APIs remain in place. Both are vulnerable to attack because they lack security protection.
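One way to surface the shadow and zombie APIs described above, as an added example (not Threat Hunter's code or method): compare the endpoints an origin server actually answers with the routes registered at the gateway. The route inventory, its `deprecated` flag, and the log lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample data (not from the original page).
# Routes registered at the API gateway; "deprecated" marks routes due for retirement.
GATEWAY_ROUTES = {
    ("GET", "/api/v2/users/{id}"): {"deprecated": False},
    ("POST", "/api/v2/orders"): {"deprecated": False},
    ("GET", "/api/v1/users/{id}"): {"deprecated": True},
}

# Constructed origin-server access log, i.e. what is actually being served.
ORIGIN_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "GET /api/v2/users/1001 HTTP/1.1" 200 512
203.0.113.7 - - [01/Mar/2024:10:00:02 +0000] "POST /api/v2/orders HTTP/1.1" 201 88
198.51.100.9 - - [01/Mar/2024:10:00:05 +0000] "GET /api/v1/users/1002?verbose=1 HTTP/1.1" 200 2048
198.51.100.9 - - [01/Mar/2024:10:00:06 +0000] "GET /internal/export/550e8400-e29b-41d4-a716-446655440000 HTTP/1.1" 200 90311
198.51.100.9 - - [01/Mar/2024:10:00:09 +0000] "GET /api/v2/debug/config HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
ID_SEGMENT_RE = re.compile(r"^(\d+|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")

def normalize(path):
    """Drop the query string and replace numeric/UUID path segments with {id}."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT_RE.match(seg) else seg for seg in path.split("/"))

def observed_endpoints(log_text):
    """Count (method, path template) pairs the origin answered with a non-404 status."""
    seen = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and m["status"] != "404":
            seen[(m["method"], normalize(m["path"]))] += 1
    return seen

def classify(log_text, routes):
    """Shadow: served but not registered. Zombie: deprecated but still receiving traffic."""
    seen = observed_endpoints(log_text)
    shadow = sorted(ep for ep in seen if ep not in routes)
    zombie = sorted(ep for ep in seen if routes.get(ep, {}).get("deprecated"))
    return shadow, zombie

if __name__ == "__main__":
    shadow, zombie = classify(ORIGIN_LOG, GATEWAY_ROUTES)
    print("shadow:", shadow)
    print("zombie:", zombie)
```
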
Logic Vulnerability
Traditional security detection products have difficulty finding logic vulnerabilities (security defects) such as unauthorized access, access beyond granted authorization, weak passwords, improper error messages, and directory browsing. For example, an attacker may use unauthorized access or access beyond authorization to obtain sensitive data such as administrator accounts and passwords, or directly perform high-privilege actions to control the system.
Sensitive Traffic
Existing WAFs, API gateways and similar products mainly inspect inbound traffic and lack detection for outbound traffic. If sensitive data is exposed in cleartext in outbound traffic, attackers may use it, for example by sending phishing emails after obtaining the email addresses of internal employees.
High-Risk Components
The back-end components that host the API may carry security risks (for example, a critical vulnerability that has not been repaired). Moreover, because the API provides external services, these components are exposed to the Internet and often become targets for attackers.
Solutions

Drawing on network-wide threat intelligence, the approaches attackers take, and a large number of real-world API attack cases, Threat Hunter has launched an API security management solution for network security attack and defense services. It helps users carry out attack and defense services more effectively and raise their level of network security defense.

Core Advantages
Management of dynamic API assets
  • Automatically identify the calling relationships between business APIs to comprehensively and continuously inventory API interfaces, including shadow APIs, zombie APIs, old APIs and APIs with duplicate functions, reducing risk exposure.
  • Continuously monitor the flow of sensitive data, with support for identifying 84 kinds of sensitive data and for customized sensitive-data detection, reducing data exposure.
  • Continuously and dynamically manage system access accounts, record account access and operation behavior across multiple dimensions, actively identify risky actions, and give the enterprise the ability to trace that behavior.
Continuous evaluation of API defects
  • Comprehensively and continuously assess API defects, with detection of 64 security defects in 7 categories and full coverage of the security issues in the OWASP API Top 10.
  • Help enterprises repair defects more efficiently through complete, clear defect samples and an automated verification process.
Precise perception of API attack
  • Build an API behavior baseline based on intelligence to discover API attacks, account anomalies and other risks in a timely manner. The system outputs multi-dimensional IOCs identifying the anomalies and supports rapid, automatic blocking through integration with WAF, risk control and other systems.
Why Threat Hunter?
Comprehensively detect potential attack surface
Manage the security of data assets, comprehensively screen API risk points, and identify shadow APIs, zombie APIs and other assets to reduce the attack surface.
Improve the security of overall business
Evaluate business defects, and identify and repair API defects in advance to improve the security of the overall business.
Improve API risk prevention capability
Monitor API security risk behaviors such as account collision, authority abuse, API attacks and data theft in real time.
Traceability of API security risk
For API attack events, trace the attack behavior, path, mode, tools and so on.