Cisco Panoptica evaluates internal and external APIs accessed by your workloads. This evaluation is based on these sources:
- API Spec analysis - Panoptica analyzes an API spec (if supplied) for security issues (for example, a weak authentication method), and generates a list of security findings.
- API Trace analysis - Panoptica performs a run-time trace analysis of actual API traffic used by workloads in your clusters, and generates a list of security findings. This analysis identifies risky operations in the way the APIs are used, that are not identified by the spec analysis. This could include, for example, sensitive information (IP addresses, usernames, passwords) passed in the clear.
- BFLA testing - tests the API for Broken Function Level Authorization (BFLA), that is, whether each operation checks that the caller is actually permitted to use it.
- API Fuzzing tests - these test the API for vulnerabilities and security issues (for example, whether authentication rules are enforced and field types are checked).
- External ranking services - external services that publish security ratings for public APIs.
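To make the trace-analysis idea concrete, here is an added example (not Panoptica's code) of a small run-time check over captured API requests that flags credentials, identity fields and IP addresses sent over plain HTTP and tallies the results per severity. The trace record layout, field names and severities are assumptions for the example.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample traces; the field layout is an assumption, not Panoptica's format.
SAMPLE_TRACES = [
    {"method": "POST", "url": "http://api.internal/v1/login",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"},
     "body": "username=alice&password=hunter2"},
    {"method": "GET", "url": "http://api.internal/v1/hosts?ip=10.0.0.5",
     "headers": {"Authorization": "Bearer t0k3n"}, "body": ""},
    {"method": "GET", "url": "https://api.internal/v1/health",
     "headers": {"Authorization": "Bearer t0k3n"}, "body": ""},
]
CREDENTIAL_KEYS = {"password", "passwd", "pwd", "secret", "token", "api_key"}
IDENTITY_KEYS = {"username", "user", "login", "email"}
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

def _params(trace):
    """Yield (location, key, value) from the query string and form body."""
    for k, v in parse_qsl(urlsplit(trace["url"]).query, keep_blank_values=True):
        yield "query", k, v
    if "form-urlencoded" in trace["headers"].get("Content-Type", ""):
        for k, v in parse_qsl(trace["body"], keep_blank_values=True):
            yield "body", k, v

def analyze_trace(trace):
    """Return findings for one record; only plain-HTTP requests are examined,
    since the concern is data readable in the clear on the wire."""
    if urlsplit(trace["url"]).scheme == "https":
        return []
    url, findings = trace["url"].split("?")[0], []
    def add(sev, loc, detail):
        findings.append({"severity": sev, "url": url, "location": loc, "detail": detail})
    if "Authorization" in trace["headers"]:
        add("HIGH", "header", "Authorization credential sent over plain HTTP")
    for loc, key, val in _params(trace):
        k = key.lower()
        if k in CREDENTIAL_KEYS:
            add("HIGH", loc, f"credential field '{key}' sent in the clear")
        elif k in IDENTITY_KEYS:
            add("MEDIUM", loc, f"identity field '{key}' sent in the clear")
        elif IPV4_RE.fullmatch(val):
            add("LOW", loc, f"IP address in field '{key}' sent in the clear")
    return findings

def severity_summary(traces):
    """Findings per severity across all records (the per-category hover summary)."""
    return dict(Counter(f["severity"] for t in traces for f in analyze_trace(t)))
```

A real tracer would also need to inspect JSON bodies and response payloads; the form-body case here is the minimum needed to show the "passed in the clear" finding.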
You can see risk findings for the API in the RISK FINDINGS tab, based on actual monitored traffic. They are grouped into the categories listed below.
The Security Posture tab shows a list of findings, grouped by category.
Hover over a category to see a summary of the number of findings for each severity level.
Click on a category to show more detail. This shows the distribution of findings of each severity over time, and a list of each finding in the category.
Click on a finding to show more detail for it, including suggested mitigation activities.
The source field shows the source for the finding. This could be the Panoptica trace analysis (described above), API spec analysis, BFLA testing, Fuzzing testing, or external risk evaluation sources.
These are the categories into which findings are grouped.
- User (file sharing issues, etc.)
- Email (SPF, DKIM, certificate issues, etc.)
- Network (SSL configuration, open ports, certificate issues, etc.)
- Application (application security issues, including findings from API Fuzzing testing, etc.)
- Patch (mainly patching cadence issues)
- System (insecure systems, server and desktop software vulnerabilities, software version vulnerabilities, unsolicited communications, malware, botnet infection, spam, etc.)
- Mobile (mobile software or mobile security)
- DNS (DNSSEC, domain squatting)
- Data_incident (data breaches, etc.)
- API-specification (findings from API Spec analysis)
- Authentication (findings from trace analysis)
- Server-workload-security (workload security issues detected by Panoptica)