Chenxi Wang

APIs are a crucial component of modern application architecture. APIs play a central role in enabling interoperability, communication, and data exchange between diverse systems and applications.

Because of the pervasive nature of APIs, ensuring secure operations via APIs is critically important for safeguarding data, maintaining the integrity of systems, and protecting the proper functioning of applications in an interconnected digital ecosystem.

In practice, security professionals forming an API security strategy should consider these major aspects. I’ll deep dive into each aspect in three essays:

Visibility and inventory

Knowing which APIs you have, what they are, and how long they have been around, and then creating an inventory of APIs with context metadata are some of the first steps of getting your hands around API security.

Chapter 83, “API Security Primer: Risk Assessment, Monitoring, and Detection”

After inventory, you need to assess whether the API endpoints conform to security architecture/design requirements and policies. Further, you need to monitor and detect any policy violations that may arise.

Chapter 84, “API Security Primer: Control and Management”

Once you know what APIs you have and what risks they carry, you need to exercise control over the design, deployment, and management of APIs to ...