"By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications."
"As 2022 approaches, this prediction could arguably be counted as 'missed' — but only because we underestimated the steep rise in attacks on APIs."
APIs fuel digital transformation and are essential components of business-critical, customer-facing applications, development environments, and partner-facing services. APIs today expose application business logic and more sensitive data than ever. Attackers have taken notice, and in recent years APIs have become a primary target for their efforts.
You need to protect and harden your APIs continuously: eliminate API vulnerabilities during the build phase, automatically discover new and changed APIs, and identify and stop attackers at runtime. Ensure that protection covers REST, GraphQL, SOAP, and other API types.
Detecting low-and-slow attack activity that targets an API's specific weaknesses depends on having context. Building that context requires analysis of large volumes of API traffic over time. Protection at this level needs a baseline of normal behavior for every API and every user, so that the system can spot deviations from that baseline, correlate activity over minutes, hours or days, and build up a fingerprint for each bad actor.
Traditional tools, typically built on a proxy architecture, do not analyze activity over time: they see each transaction in isolation and apply pattern matching against signatures and rules to block known attack payloads. However much functionality they gain, a per-request design cannot piece together the subtle, individually benign requests of someone abusing an API's business logic, so it cannot reliably stop API attacks of that kind.
WAFs and API gateways therefore have no context for what is happening across an API's users and endpoints and, in turn, cannot effectively detect or block this kind of exploitation. Salt correlates all the activity of all users, so it can find and stop attackers in their tracks.
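The contrast described above, as an added illustration that is not part of the original page and is not Salt's own detection logic: the Python below runs two detectors over one constructed access log. The first judges each request on its own with regex signatures, the way a stateless proxy does. The second keeps a per-actor, per-endpoint history over a sliding window and alerts when one actor touches more distinct object IDs than a threshold allows. The actor keys (`tok-A`, `tok-B`, `tok-C`), the `/api/users` endpoints, the one-hour window and the threshold of 10 IDs are all invented for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access log; nothing here is real traffic.
# Each record: (timestamp in seconds, actor key, method, path, HTTP status).
# tok-A: a normal user repeatedly reading their own orders.
# tok-B: low-and-slow enumeration of user IDs, one request per minute, every one succeeds.
# tok-C: a noisy SQL-injection probe that any signature engine will catch.
def build_sample_log():
    log = []
    for i in range(8):
        log.append((i * 300, "tok-A", "GET", "/api/users/1001/orders", 200))
    for i in range(40):
        log.append((i * 60, "tok-B", "GET", f"/api/users/{2000 + i}", 200))
    log.append((10, "tok-C", "GET", "/api/users?name=%27%20OR%201%3D1--", 200))
    log.sort(key=lambda rec: rec[0])
    return log


# --- Stateless detection: each request judged alone, as a signature-based proxy does ---
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s+\w+\s*=\s*\w+", re.I),
    "xss": re.compile(r"<script|javascript:", re.I),
}

def stateless_detect(record):
    """Return the signature names that match this single request's decoded path."""
    _, _, _, path, _ = record
    decoded = unquote(path)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


# --- Stateful detection: per-actor, per-endpoint history kept over a sliding window ---
ID_SEGMENT = re.compile(r"/\d+")

def endpoint_template(path):
    """Collapse numeric path segments so /api/users/2001 and /api/users/2002 share one key."""
    return ID_SEGMENT.sub("/{id}", path.split("?")[0])

def object_ids(path):
    """Numeric object identifiers referenced in the path, e.g. ('/2001',)."""
    return tuple(ID_SEGMENT.findall(path.split("?")[0]))


class ActorBaseline:
    """Tracks which object IDs each actor touched on each endpoint within a sliding window.

    One actor reading many distinct objects on a single endpoint inside the window is
    enumerating, even though every individual request is well-formed and below any rate limit.
    """

    def __init__(self, window_s=3600, max_distinct_ids=10):
        self.window_s = window_s
        self.max_distinct_ids = max_distinct_ids
        # actor -> endpoint template -> list of (timestamp, object ids, status)
        self.history = defaultdict(lambda: defaultdict(list))

    def observe(self, record):
        ts, actor, _, path, status = record
        ids = object_ids(path)
        if not ids:
            return None  # no object reference in the path, nothing to correlate
        tpl = endpoint_template(path)
        hist = self.history[actor][tpl]
        hist.append((ts, ids, status))
        cutoff = ts - self.window_s
        while hist and hist[0][0] < cutoff:  # drop entries that fell out of the window
            hist.pop(0)
        distinct = {entry[1] for entry in hist}
        if len(distinct) > self.max_distinct_ids:
            return {
                "actor": actor,
                "endpoint": tpl,
                "distinct_ids": len(distinct),
                "span_s": ts - hist[0][0],
            }
        return None


def run(log, window_s=3600, max_distinct_ids=10):
    """Feed the log through both detectors; returns (signature hits by actor, baseline alerts by actor)."""
    stateless_hits = defaultdict(set)
    baseline = ActorBaseline(window_s, max_distinct_ids)
    stateful_alerts = {}
    for rec in log:
        for sig in stateless_detect(rec):
            stateless_hits[rec[1]].add(sig)
        alert = baseline.observe(rec)
        if alert and alert["actor"] not in stateful_alerts:
            stateful_alerts[alert["actor"]] = alert  # keep the first alert per actor
    return dict(stateless_hits), stateful_alerts


if __name__ == "__main__":
    hits, alerts = run(build_sample_log())
    print("signature hits:", hits)     # only tok-C, the SQLi probe
    print("baseline alerts:", alerts)  # only tok-B, once it has read its 11th distinct user
```

The signature matcher flags tok-C on the first request and never sees anything wrong with tok-B, whose forty requests are each a perfectly ordinary `GET /api/users/{id}` returning 200. The baseline detector keys on the actor identity rather than on request content, which is what makes a one-request-per-minute enumeration visible: the alert fires on the 11th distinct ID, ten minutes into the run, long before the sequence finishes.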
In this demonstration, we use Postman to launch a combination of more traditional (SQLi, XSS) and more sophisticated API attacks. The video demonstrates the difference between what a WAF can identify and block vs. the attacks the Salt platform is able to prevent.