
Author: Ed O’Connell
Executive Summary
Background
Digital infrastructure is constantly evolving, forcing security professionals to strengthen security operations at an accelerated pace to mitigate risks. As a result, organizations increasingly realize how essential API security is to their information security strategy and are evaluating solutions touted as potential tools to secure APIs. Recently, eBPF (an evolution of Berkeley Packet Filter) has been a topic of discussion as a method for collecting data on APIs. eBPF has been around since the early 1990s and has evolved over the years with the changes to the Linux kernel.
Pros & Cons
Given the familiarity some administrators have with eBPF, they might consider it as a viable solution for API traffic visibility. However, they must evaluate the pros and cons of various technologies before making significant integration decisions. Failure to do so could greatly compromise their security posture and impact incident response times. Like any technology, eBPF has its pros and cons that need to be considered:
Pros
Cons
Additional considerations
Discovering API issues is crucial, but remediating the API risks is just as important. eBPF, while great for finding API issues, isn’t designed to enable remediation of those issues. Administrators will therefore need to find another solution to resolve them: notably, a true API security solution that addresses gaps in protection from code to production.
Noname delivers actionable intelligence + remediation
Noname was created to deliver industry-leading visibility into APIs and enable customers to quickly remediate the issues themselves with actionable insights. We understood that many customers had digital infrastructure spread across multiple clouds and on-prem facilities, using a mix of cloud-native and adapted legacy application services. Noname was therefore designed to both pull data from multiple sources, to build a complete picture of APIs, and push policies and remediation actions to the same infrastructure. Two especially relevant components of the Noname API Security Platform include:
By building our integrations specifically to address API security challenges, Noname is able to go beyond visibility by pushing policies to the integrated security platforms to mitigate API risks. It also allows Noname to locally analyze and correlate API traffic for customers who want to keep PII data local for compliance requirements. Local analysis and correlation of API traffic enables Noname to offer a solution for private clouds (or on-prem deployments) where PII or similar information cannot leave the perimeter. This enables compliance with GDPR, PCI-DSS and other regulatory requirements.
To find out more about how Noname has implemented its API discovery and remediation, please review: