API Security

Cloud architectures have led to a proliferation of microservices. APIs are the means to enable interaction between those microservices—whether within the same app, or between applications.

The APIs you expose (internally and externally), as well as the third-party APIs your applications consume, may entail security risks, making API security a top priority. Panoptica analyzes the risks associated with APIs and assigns risk scores, which can be used to create policies that manage your API usage and behavior.

Securing APIs with Panoptica

Panoptica helps keep your APIs secure in a number of ways:

  • API Discovery: Provides visibility by automatically building API inventories of both Internal APIs and Third-party APIs.
  • Security Insights: Assesses the security risks associated with your APIs and displays them on the Findings tab, including a severity rating, description, and mitigation. These findings are based on a variety of methods:
    • Spec Analysis: run on either OAS (OpenAPI Specification) documents you provide or OAS specifications reconstructed from real API traces
    • Spec Drift Detection
    • Third-party API Scoring
    • API Fuzz Testing
    • API Trace Analysis
    • BFLA (Broken Function Level Authorization) Detection
  • API Policies: Panoptica provides a way to define when an API is compliant, and how each API can run and interact in your environment based on that compliance.

API discovery and the API security features need to observe real API traffic. To achieve this, make sure to complete the API Security requirements when deploying Panoptica.