Application Programming Interfaces (APIs) are growing at an unprecedented rate. According to ProgrammableWeb, there were more than 20,600 APIs as of January 2019. That's nearly a 230% increase in the last decade. And while APIs are better suited for today's high-powered business model, they present a myriad of security challenges that must be addressed.
Historically, there has been no love lost between software developers and security teams. Dev teams are frustrated by the restrictive nature of the security standards placed on them as they often hinder rapid application development. On the flip side, security teams see developers as one of the top threats to the integrity and success of their security strategy.
Microservices and containers are a hot topic right now - and for various reasons. They are making the news because of their ease of use, but also for the challenges associated with protecting them. We'll start with the positives... In the realm of organizational growth and flexibility, microservices have various advantages. One such advantage is their ability to enable continuous refactoring of small parts of an application, which prevents developers from dealing with large product releases that tend to be more prone to bugs, backward compatibility issues, etc. Other key advantages of microservices include:
Independent scaling. Scaling can be limited to the parts of the application that require more resources
Services can be implemented using different technology stacks
More fine-grained testing of individual components
Makes workflow failures easy to handle and recover from
Easier to distribute development tasks across different developers or teams
A Web Application Firewall (WAF) can be a very effective security control to protect your Internet-facing applications from botnets, targeted attacks, and general “Internet noise” generated by attempted exploitations. But is concentrating solely on actual attack vectors instead of the attacker the right way to address the problem?
Sure, most WAF solutions will be able to detect an obvious SQL injection or XSS attempt, but can they combat a barrage of WAF bypass techniques, such as multi-level URL encoding? What about other obscure request encodings that only specific web server technologies will understand and parse?
Based on analysis of existing data, feedback from customers, and thought leadership insights, ThreatX is rolling out updates to offer advanced Edge Caching, DDoS Mitigation and Botnet Detection.
As a leading provider of SaaS-based WAF solutions, we often encounter organizations that prioritize their applications and only secure the "top" web applications. There's a critical flaw in this approach and it's leaving organizations exposed.