API Security

API Security Leader

Forum Systems was named Market Champion, Market Leader, Overall Leader, Product Leader, and Innovation Leader in the KuppingerCole 2021 API Management and Security Leadership Compass for its flagship product, Forum Sentry.

Industry Leading API Security Innovation

To keep up with API Security threats, you need to use API Security technology. Forum Sentry has built-in capabilities that address all variants of API threats and enable a safe, simple, and secure API architecture.

  • API Cyber-Security Protection
  • API Data Transformation
  • API Data Leakage Protection
  • API AV Scanning
  • API TLS Acceleration
  • API Access Control
  • API Mobile and Cloud Security
  • API Encryption
  • API SSO
  • API Data Filtering
  • API Protocol Conversion
  • API Monitoring
  • API Legacy Enablement
  • API Continuous Authentication

Underprotected APIs

Security is critical for a successful API Economy where devices, services, identities, and data are exposed via APIs. API Security is a critical aspect of producing and consuming APIs to protect against threat and compromise. The field of API Security goes well beyond simple access control: it must also consider the security of data in motion and at rest, which means that the security technology must support encryption, signatures, continuous authentication, auditing, and much more.

API Security has been recognized by OWASP as a significant exposure that should be addressed while deploying APIs. The Top 10 List published by OWASP details the threats and recommended mitigation. 

The Forum Sentry product technology protects against all OWASP Top 10 API Threats for assured security in your API architecture.

 

Understanding API Security Vulnerabilities and Remediation Strategies

Security vulnerabilities and their remediation strategies are clearly delineated in the OWASP Top 10 API Security.

The key aspects of protecting APIs include:

  • Providing a hardened parser that protects against JSON and XML parsing attacks
  • Detecting malware, viruses, and injection attacks such as SQL Injection entering via APIs where the traffic is encoded or encrypted and has to be decoded for threat inspection
  • Enabling secure communication via strong ciphers
  • Enabling continuous authentication for your APIs so that all requests and responses are continually validated
  • Enabling strong authorization and access control schemes for your APIs 

Transport Security

  • Protocol break
  • Built-in PKI engine
  • FIPS 140-2 TLS 1.2 ciphers
  • Protocol translation

Message Security

  • Bi-directional transaction correlation
  • Full payload contextual analysis

Threat Mitigation

  • AV and malware scanning
  • OWASP top 10 protection
  • RegEx pattern engine
  • Rate and size SLA control

Data Integrity

  • Request and response schema validation
  • DSIG and DSIG Verification

Data Privacy Assurance

  • Encryption and Decryption
  • Data encoding or redaction

Authentication and SSO

Conversion of any-to-any PKI Auth, HTTP Auth, SAML, OAuth, OpenID Custom identity token

Data Translation

Header and Body mapping Conversion of XML, JSON Transformation

Auditing

Machine Learning META Data Format AI Logs Full context transaction logging
