
Imperva
Security risks lurking in APIs
Web APIs (hereinafter referred to as APIs) are an essential element of modern applications on the web, mobile, IoT devices, and more.
APIs play an important role in providing various services in a wide range of industries, including finance, retail, logistics, IoT, autonomous driving, and various home appliances.

Requests to APIs often do not go through traditional routes such as browsers or native app agents, and because they handle confidential information such as personal information, they are increasingly becoming targets of attackers.
Beyond the conventional threats that a WAF addresses, APIs also carry risks specific to them, such as business logic vulnerabilities.
Cases where business logic vulnerabilities were exploited
Company A personal information leak incident (2017)
- Company A's API returned all customer information linked to a phone number when any phone number was entered.
- Authorization error
- Unnecessary information exposure
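The Company A case combines two defects, a missing object-level authorization check and a response that returns more than the caller needs. The following added example (not code from the page or from Imperva) shows a lookup-by-phone handler with both flaws beside a hardened version; the customer records, session model and field names are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample store (phone number -> customer record); not real data.
CUSTOMERS = {
    "090-0000-0001": {"id": 1, "name": "A. Sato", "phone": "090-0000-0001",
                      "address": "1-1 Example-cho", "card_last4": "1234"},
    "090-0000-0002": {"id": 2, "name": "B. Suzuki", "phone": "090-0000-0002",
                      "address": "2-2 Example-cho", "card_last4": "5678"},
}


@dataclass
class Session:
    user_id: Optional[int]  # None means the caller is not authenticated


class Forbidden(Exception):
    """Raised when the request is rejected; callers map it to HTTP 403/404."""


def lookup_vulnerable(session: Session, phone: str) -> Optional[dict]:
    # Flaw 1: the caller's identity is never checked (authorization error).
    # Flaw 2: the whole record is returned (unnecessary information exposure).
    return CUSTOMERS.get(phone)


# Shape the API specification says the parameter must have (assumed format).
PHONE_RE = re.compile(r"^0\d{2}-\d{4}-\d{4}$")
# Fields this endpoint actually needs to return (assumed contract).
PUBLIC_FIELDS = ("id", "name", "phone")


def lookup_hardened(session: Session, phone: str) -> dict:
    # Reject anything that deviates from the specification before touching data.
    if not PHONE_RE.match(phone):
        raise Forbidden("parameter does not match API specification")
    if session.user_id is None:
        raise Forbidden("authentication required")
    record = CUSTOMERS.get(phone)
    # Object-level authorization: only the record's owner may read it. Use one
    # error for "missing" and "not yours" so the endpoint cannot be used to
    # confirm which phone numbers exist.
    if record is None or record["id"] != session.user_id:
        raise Forbidden("not found or not authorized")
    # Field-level minimisation: never echo address or payment details here.
    return {key: record[key] for key in PUBLIC_FIELDS}
```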

Required security measures
APIs tend to be updated more frequently than general websites.
In addition, in order to effectively protect against the unique risks mentioned above, appropriate measures must be taken for each phase.

Security Enabled by Imperva API Security
Imperva API Security enables consistent measures from pre-validation to defense of APIs.
In addition, once an API has been discovered, each endpoint can be operated in block mode, which reduces the operational burden of responding to detection alerts and of formulating blocking policies based on risk assessment.
Functions
Verification
For newly created or updated APIs, you can upload the API specification to CloudWAF and obtain a risk report and vulnerability assessment tools.
With reporting functions and diagnostic tools, you can check whether your API contains any risks before it is released.

Discovery/Classification
Based on actual observed communications, it is possible to compile an inventory of API endpoints and visualize OWASP API vulnerabilities and the presence or absence of confidential information.

Detection/Defense: Policy Function
Imperva distinguishes normal traffic, learned from observed API requests, from requests that deviate from the API specification, and provides fine-grained control over each.
With the CloudWAF Add-on type, it is even possible to block communications.
Endpoints that handle confidential information can block communications outside of the specifications, while other communications are operated in Alert mode, allowing for flexible operation suited to each customer's environment.

How to get started with Imperva API Security
Two installation methods are available, allowing flexible deployment regardless of your application or deployment environment.
1) CloudWAF Add-on type
You can use it just by switching DNS.
For APIs exposed to the public, this is the recommended implementation method as it also provides WAF/DDoS protection.

2) API Anywhere Type
Highly flexible micro sensor and controller models allow for customization to your environment.
It also enables detection of East-West traffic.

Inquiry/Document request
Imperva team, Macnica Co., Ltd.
- TEL: 045-476-2010
- E-mail: imperva-info@macnica.co.jp
Weekdays: 9:00-17:00