APAC CIO Outlook
  • Home
  • CXO Insights
  • CIO Views
  • News
  • Conferences
  • Newsletter
  • Whitepapers
  • About us
Apac

  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cryptocurrency

    Cyber Security

    Digital Transformation

    Drone

    HPC

    Infrared

    Internet of Things

    Networking

    PropTech

    Remote Work

    Scheduling Software

    Simulation

    Startup

    Storage

    Wireless

  • Banking

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Healthcare

    Insurance

    Legal

    Manufacturing

    Pharma and Life Science

    Retail

    Travel and Hospitality

  • Atlassian

    CISCO

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cloud-based Planning

    Cognitive

    Compliance

    Contact Center

    Contact Tracing

    Contactless Payments

    Content Management System

    Corporate Finance

    CRM

    Custom Software Development

    Data Center

    Enterprise Architecture

    Enterprise Communications

    Enterprise Contract Management

    ERP

    Field Service

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    Product Management

    RegTech

    Revenue Management

    Sales Tech

Menu
    • Augmented Reality
    • Agile
    • Cognitive
    • Cyber Security
    • Digital Transformation
    • Atlassian
    • E-Commerce
    • Managed Services
    • RegTech
    • CISCO
    • Blockchain
    • IoT
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • News
    • Security
    Editor's Pick (1 - 4 of 8)
    left
    The Organization's Responsibility for its Own Protection

    Michael Wallmannsberger, Chief Information Security Officer, Wynyard Group

    Don't Rush to Hire an Anti-DDoS Expert!

    Barry Greene, Co-founder and Chief, Technical Officer, GETIT

    Attaining the Needs of Infrastructure Investment

    Yong Chiang Neo, CIO

    Constructing a Marketing IT Collaboration

    Jenny Williams,

    The Organic Adaptability of IT

    Pedro Sttau,

    The Weakest Link Is Your Strongest Security Asset

    Christian Anschuetz, CIO & Security Practitioner, UL

    Achieving Greater Business Value with Innovation

    Denise A. Saiki, CIO& VP Enterprise Business Services, Lockheed Martin

    Using Data Analytics for Loss Prevention

    Jonathan Lowsley, CIO, ADrive

    right

    Five Security Measures to Overcome API Vulnerabilities

    By Apac CIO Outlook | Thursday, January 01, 1970
    Tweet

    Protection against Api vulnerabilitiesEffective security measures are paramount while building an application programming interface (API). However, locking down an API with stringent security mechanisms leads to decreased productivity because APIs are designed to aid developers to carry out varying tasks with ease.

    To resolve this challenge, API providers must find a balance between complicated system dependencies and strong protection capabilities against digital threats. That being said, the following are five security measures that help API teams find the perfect balance.

    API Authentication

    Industry-standard authorization mechanisms like OAuth/OpenID Connect and Transport Layer Security (TLS) are essential because a vulnerable API could potentially be the gateway that cybercriminals exploit to gain access to an organization's database.

    Protection Against Injection Attacks

    With the threat of injection attacks taking various forms such as SQL, RegEx, and XML, APIs should be designed with an awareness mechanism to avoid such attacks. Furthermore, monitoring of APIs after deployment should be carried out to ensure that the production code is not exposed.

    Monitoring Unencrypted Data

    APIs play an important role in the encryption of sensitive data through the entire transition process, and after it reaches the point of consumption. API providers must go beyond basic security mechanisms and utilize trace tools for debugging issues, enforce data masking, and leverage tokenization for PCI and PII data.

    Countermeasures against Malicious Requests

    Public APIs have to constantly assess incoming requests and determine whether it can be trusted. Moreover, even when APIs deny access to a suspicious request, the malicious user can resend requests or replay a trusted user request until it is accepted. APIs must, therefore, deploy countermeasures such as rate-limiting policies, HMAC authentication, or a short-lived token facilitated OAuth to combat these brute force attacks.

    Uniform Resource Identifier (URI) Data

    As a security measure, API keys for authorized access are often sufficient. However, keys may be compromised if they are sent through URI as sensitive data, including API keys and passwords, which may become vulnerable to attacks when URI details are displayed in browsers or system logs. API teams can send keys as a message authorization header or use the HTTP POST method to avoid exposure of sensitive data.

    An API designed with an awareness of digital threats coupled with scalable data protection policies imposed across the organization can aid in effective protection against potential threats.

    See Also: Cyber Security Review Magazine

    Weekly Brief

    loading

    Featured Vendor

    • Green Radar: Delivering All-round Email Security
      Green Radar: Delivering All-round Email Security
    Top 10 Cyber Security Service/Consulting Companies - 2020
    Top 10 Cyber Security Companies - 2020
    ON THE DECK

    Cyber Security 2020

    Top Vendors

    Cyber Security 2019

    Top Vendors

    Previous Next

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Technology Trends that Bring Revolutionary Changes in the Way Education Imparted Before

    Technology Trends that Bring Revolutionary Changes in the Way Education Imparted Before
    What Is the Role of AI in Managed Services?

    What Is the Role of AI in Managed Services?
    Four Mistakes to Avoid when Implementing Digital Transformation

    Four Mistakes to Avoid when Implementing Digital Transformation
    How Edge Computing will Address IoT Challenges?

    How Edge Computing will Address IoT Challenges?

    What Are the Differences Between AI and Cognitive Computing?

    What Are the Differences Between AI and Cognitive Computing?
    The Importance of AIOps in Digital Transformation Journey

    The Importance of AIOps in Digital Transformation Journey
    Loading...

    Copyright © 2021 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    |  Sitemap |  Subscribe

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://www.apacciooutlook.com/news/five-security-measures-to-overcome-api-vulnerabilities-nwid-5496.html