BizReport : Law & Regulation : September 09, 2021

Top 5 tips to improve API security

While API bugs can certainly bog down a system and be exploited by fraudsters, these 'bugs' aren't the biggest obstacle to digital security. According to one expert, attackers bypassing apps by impersonating traffic and making transactions appear legitimate is the bigger threat. Here's how to defend against such attacks.

by Kristina Knight

First, collaborate during the ideation and design stage

"Often, software is difficult to secure because it wasn't originally designed with security or 'defensive thinking' in mind. It's almost impossible to secure a system properly after the design as you are, at best, limited to a moat-and-castle type of model - which is extremely limited and barely adaptable. During the ideation and design stage of development, inject your design team with a few security experts and you will see a huge difference," said Sam Rehman, SVP, Chief Information Security Officer, EPAM Systems, Inc.

Second, focus on identity

"Having a clean identity model with consumers, employees, services and partners will allow you to simplify and strengthen your controls and be more adaptive. Once you have a clean model, adding behavior and advanced techniques will be more pervasive and transparent," said Rehman. "This will in turn be less disruptive to the user experience."

Third, be transparent with your users and align your claims with your actions

Rehman advises, "Building trust with your customers is key. In my opinion, the only way to do that is to 'do what you say and say what you do.' Then, empower your users once they are on your side. Weeding out malicious acts will be far more effective."

Fourth, layer and segment

"There is no 'one-size-fits-all' in security. In fact, that's a good thing - having all your controls in one aspect only makes it easier for attackers to circumvent and makes it harder for users," said Rehman. "I recommend layering your controls and segmenting the workload, data or network to reduce the yield for the attackers. This allows you to reduce the blast radius when, not if, something bad happens. It will reduce the effort needed to contain and recover. Zero-trust architecture will help you access and apply this in a systemic way."

Fifth, monitor and watch your data motion

"Monitoring and tracking your data motion will tell you a lot without adding burden to the users. You must think like the attacker and watch your data as they would. This will help you understand your attack surfaces and risks with more agility and productivity," said Rehman.

Tags: API security, business security tips, EPAM Systems, online business security
