{"id":5990,"date":"2018-11-15T00:00:00","date_gmt":"2018-11-15T00:00:00","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/2018\/11\/15\/how-to-control-api-security-risks\/"},"modified":"2021-08-23T18:44:53","modified_gmt":"2021-08-23T18:44:53","slug":"how-to-control-api-security-risks","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/","title":{"rendered":"How to Control API Security Risks"},"content":{"rendered":"<div id=\"article-content\">\n<p>The enterprise use of APIs (application programming interfaces) is exploding, as more and more businesses embark on digital transformation and look for ways to make money by exposing their data to outsiders through apps, websites, and other third-party integrations.<\/p>\n<p>The downside to all those APIs is they can pose a major IT security risk.<\/p>\n<p>&#8220;APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company&#8217;s data,&#8221; warned Terry Ray, chief security officer for Imperva. 
&#8220;To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.&#8221;<\/p>\n<p>The source of the risks posed by APIs is explained comprehensively by Scott Morrison, a distinguished engineer at CA Technologies, in a <a href=\"https:\/\/www.ca.com\/content\/dam\/ca\/us\/files\/ebook\/five-simple-strategies-for-securing-apis.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">white paper<\/a> on API security.<\/p>\n<p>&#8220;The problem with APIs is that they often provide a roadmap describing the underlying implementation of an application \u2013 details that would otherwise be buried under layers of web app functionality,&#8221; he said. &#8220;This can give hackers valuable clues that could lead to attack vectors they might otherwise overlook. APIs tend to be extremely clear and self-documenting at their best, providing insight into internal objects and even internal database structure \u2013 all valuable intelligence for hackers.&#8221;<\/p>\n<p>Morrison adds that increased visibility is not the only risk APIs introduce. &#8220;Increasing the number of potential calls also increases the attack surface, meaning that a hacker simply has more to exploit.<\/p>\n<p>&#8220;Risk,&#8221; he said, &#8220;increases with opportunity.&#8221;<\/p>\n<h2>How API security can be breached<\/h2>\n<p>In practical terms, there are three main ways (though not the only ones) in which malicious actors can exploit APIs to gain access to data or computing infrastructure, according to Morrison.<\/p>\n<p>These are:<\/p>\n<ul>\n<li><strong>Parameter attacks<\/strong>. These involve submitting unexpected data to exploit weaknesses in applications and databases. 
The most common type of parameter attack is a <a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-to-prevent-sql-injection-attacks\/\">SQL injection attack<\/a>, which can be successful if developers do not sanitize inputs. Morrison points out that in contrast to many web apps, APIs often clearly identify a parameter&#8217;s underlying usage by its name, making an attacker&#8217;s job much easier.<\/li>\n<li><strong>Identity attacks.<\/strong> An API key is a code that individual apps use to identify themselves to an API. API keys are meant to be secret and concealed by developers, but in practice it is often easy to uncover them. That means that APIs that use API keys as authoritative credentials are at risk \u2013 anyone with the API key can use it to write malicious code that impersonates a legitimate application.<\/li>\n<li><strong>Man in the middle (MITM) attacks<\/strong>. These occur when an attacker sits between an API and an application\/user, intercepting the traffic between the two and sometimes impersonating each to the other. They are possible because many APIs do not use SSL\/TLS properly (or at all).<\/li>\n<\/ul>\n<h2>Preventing API attacks<\/h2>\n<p>Here are a few ways organizations can reduce API security risks.<\/p>\n<h3>Threat: Parameter attacks<\/h3>\n<ul>\n<li>Mitigation 1: Validate all incoming data<\/li>\n<li>Mitigation 2: Use threat detection, including virus detection<\/li>\n<\/ul>\n<h3>Threat: Identity attacks<\/h3>\n<ul>\n<li>Mitigation: Use effective authentication and authorization methods. Morrison recommends using practical factors such as source IP, access time windows, device identification (for mobile apps), and geolocation.<\/li>\n<\/ul>\n<h3>Threat: MITM attacks<\/h3>\n<ul>\n<li>Mitigation: Use TLS for all data exchanges<\/li>\n<\/ul>\n<h2>API security platforms<\/h2>\n<p>The top three API attack vectors are by no means the only vulnerabilities that introduce API risk. 
To minimize other risks that APIs pose, it is advisable to use a proven API security solution.<\/p>\n<p>In very general terms, API security platforms can:<\/p>\n<ul>\n<li>Help expose systems of record and other systems and applications securely through APIs by consistently applying policies such as authentication<\/li>\n<li>Onboard and manage in-house and third-party developers so they can create applications using those APIs<\/li>\n<li>Allow organizations to choose which apps, developers and partners can access which APIs<\/li>\n<li>Help secure data in accordance with <a href=\"https:\/\/www.esecurityplanet.com\/networks\/security-compliance\/\">compliance regulations<\/a> and other requirements<\/li>\n<\/ul>\n<p>Gartner&#8217;s Paolo Malinverno categorizes the functionality that API security products supply into broad areas:<\/p>\n<ul>\n<li>Planning<\/li>\n<li>Design<\/li>\n<li>Implementation<\/li>\n<li>Testing<\/li>\n<li>Publication<\/li>\n<li>Operation<\/li>\n<li>Consumption<\/li>\n<li>Maintenance<\/li>\n<li>Versioning<\/li>\n<li>Retirement<\/li>\n<\/ul>\n<p>Effectively then, API security solutions offer API management over the entire lifecycle of an API, from inception to retirement.<\/p>\n<h2>API security market growing<\/h2>\n<p>The market for API security products is potentially huge. To get an idea of the scale of API usage, consider these statistics: 69 per cent of organizations are exposing APIs to their customers and partners, according to an Imperva poll of 250 IT professionals, and each organization is on average managing a staggering 363 different APIs.<\/p>\n<p>Not surprisingly, API security product sales are growing rapidly as organizations increasingly see the need to protect their API-related activities. In 2017 the market was worth $961 million, according to Gartner, and it is expected to exceed $1 billion by the end of 2018. 
From 2016 to 2021, Gartner expects the market to grow at a compound annual rate of almost 15 percent.<\/p>\n<p>Many API security products are actually API management products that bring APIs under centralized control and allow security and other policies to be applied to them in a systematic and unified way.<\/p>\n<p>They can also help avoid uncontrolled API sprawl, which results when APIs are created in different parts of the organization by different developer groups, without any consistent approach to security. They can also help prevent APIs from being abandoned and forgotten about rather than retired securely.<\/p>\n<p>&#8220;When you have visibility into your APIs throughout your organization, you can then put controls in place,&#8221; said Subra Kumaraswamy, the former head of product security at Apigee, an API security vendor owned by Google. &#8220;You might decide that a certain API should only be exposed to in-house developers, not external, third-party ones. If you don&#8217;t have visibility, you can&#8217;t see who is accessing what.&#8221;<\/p>\n<p>&#8220;If you have API sprawl, that is also bad. API management ensures that you have consistency and you don&#8217;t duplicate stuff,&#8221; he added. &#8220;For example, if you have five departments that use five different authentication methods for your APIs, that&#8217;s not consistent. A management product lets you enforce <a href=\"https:\/\/www.esecurityplanet.com\/mobile\/multi-factor-authentication\/\">two-factor authentication<\/a> if that&#8217;s what you want. 
You can drag and drop a policy and secure all your APIs in one shot.&#8221;<\/p>\n<h2>API security platform vendors and products<\/h2>\n<p>The market for API security products is becoming increasingly mature, and many of the smaller participants have been acquired by larger companies: Apigee was acquired by Google, Apiary by Oracle, Akana by Rogue Wave, 3scale by Red Hat, and MuleSoft by Salesforce, for example.<\/p>\n<p>Although API security is still sold as an on-premises solution, it is also increasingly available as part of a cloud service, from the likes of Amazon, Google, and Microsoft.<\/p>\n<p>The leading products today, according to Gartner&#8217;s 2018 Magic Quadrant for <a href=\"https:\/\/rapidapi.com\/blog\/api-architecture\/\" rel=\"noopener\" target=\"_blank\">Full Life Cycle API Management<\/a>, include:<\/p>\n<ul>\n<li>Google Apigee<\/li>\n<li>CA Technologies CA API Management<\/li>\n<li>IBM IBM API Connect<\/li>\n<li>Software AG webMethods API Management Platform<\/li>\n<li>Salesforce MuleSoft Anypoint Platform<\/li>\n<li>TIBCO Software Mashery<\/li>\n<li>Red Hat 3scale API Management<\/li>\n<li>SAP Cloud Platform API Management<\/li>\n<li>Amazon Web Services Amazon API Gateway<\/li>\n<li>Axway AMPLIFY API Management<\/li>\n<li>Microsoft Azure API Gateway<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The enterprise use of APIs (application programming interfaces) is exploding, as more and more businesses embark on digital transformation and look for ways to make money by exposing their data to outsiders through apps, websites, and other third-party integrations. The downside to all those APIs is they can pose a major IT security risk. &#8220;APIs [&hellip;]<\/p>\n","protected":false},"author":226,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[22],"tags":[4344],"b2b_audience":[33,34],"b2b_industry":[],"b2b_product":[382,82],"class_list":["post-5990","post","type-post","status-publish","format-standard","hentry","category-applications","tag-application-security","b2b_audience-awareness-and-consideration","b2b_audience-evaluation-and-selection","b2b_product-application-security-vulnerability-management","b2b_product-security-development"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Control API Security Risks | eSecurity Planet<\/title>\n<meta name=\"description\" content=\"Plugging critical vulnerabilities and using API security products are the best ways to manage API security risks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/\" \/>\n<meta 
property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Control API Security Risks | eSecurity Planet\" \/>\n<meta property=\"og:description\" content=\"Plugging critical vulnerabilities and using API security products are the best ways to manage API security risks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-15T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-23T18:44:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/12\/eSecurity_redesign_badgecolor.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Paul Rubens\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Paul Rubens\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/\"},\"author\":{\"name\":\"Paul Rubens\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/98ff3e45922f3d3cc322e48f2036768c\"},\"headline\":\"How to Control API Security Risks\",\"datePublished\":\"2018-11-15T00:00:00+00:00\",\"dateModified\":\"2021-08-23T18:44:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/\"},\"wordCount\":1171,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"keywords\":[\"application-security\"],\"articleSection\":[\"Applications\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/\",\"name\":\"How to Control API Security Risks | eSecurity Planet\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"datePublished\":\"2018-11-15T00:00:00+00:00\",\"dateModified\":\"2021-08-23T18:44:53+00:00\",\"description\":\"Plugging critical vulnerabilities and using API security products are the best ways to manage API security 
risks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Control API Security Risks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/98ff3e45922f3d3cc322e48f2036768c\",\"name\":\"Paul Rubens\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/12\/Paul_head_An_400x400-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/12\/Paul_head_An_400x400-150x150.jpg\",\"caption\":\"Paul Rubens\"},\"description\":\"Paul Rubens is a technology journalist based in England, and is an eSecurity Planet contributor.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/paul-rubens-esp\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"How to Control API Security Risks | eSecurity Planet","description":"Plugging critical vulnerabilities and using API security products are the best ways to manage API security risks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/","og_locale":"en_US","og_type":"article","og_title":"How to Control API Security Risks | eSecurity Planet","og_description":"Plugging critical vulnerabilities and using API security products are the best ways to manage API security risks.","og_url":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/","og_site_name":"eSecurity Planet","article_published_time":"2018-11-15T00:00:00+00:00","article_modified_time":"2021-08-23T18:44:53+00:00","og_image":[{"width":600,"height":600,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/12\/eSecurity_redesign_badgecolor.png","type":"image\/png"}],"author":"Paul Rubens","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Paul Rubens","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/"},"author":{"name":"Paul Rubens","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/98ff3e45922f3d3cc322e48f2036768c"},"headline":"How to Control API Security Risks","datePublished":"2018-11-15T00:00:00+00:00","dateModified":"2021-08-23T18:44:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/"},"wordCount":1171,"commentCount":0,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"keywords":["application-security"],"articleSection":["Applications"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/","url":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/","name":"How to Control API Security Risks | eSecurity Planet","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"datePublished":"2018-11-15T00:00:00+00:00","dateModified":"2021-08-23T18:44:53+00:00","description":"Plugging critical vulnerabilities and using API security products are the best ways to manage API security 
risks.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/applications\/how-to-control-api-security-risks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"How to Control API Security Risks"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/98ff3e45922f3d3cc322e48f2036768c","name":"Paul 
Rubens","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/12\/Paul_head_An_400x400-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/12\/Paul_head_An_400x400-150x150.jpg","caption":"Paul Rubens"},"description":"Paul Rubens is a technology journalist based in England, and is an eSecurity Planet contributor.","url":"https:\/\/www.esecurityplanet.com\/author\/paul-rubens-esp\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/5990"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/226"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=5990"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/5990\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=5990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=5990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=5990"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=5990"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=5990"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=5990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}