API Connect

Addressing API threats as defined by OWASP

By PRIYANKA KOHLI posted Wed November 17, 2021 10:21 AM


APIs are a foundational element of innovation in today’s app-driven world. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications. APIs can be found in customer-facing, partner-facing, and internal applications. By nature, APIs transfer data and have the potential to expose sensitive information. Because of this, APIs have increasingly become a target for attackers. Without securing APIs, rapid innovation would be impossible.

API Security is the process of protecting APIs from attacks that could arise from interacting with them. It focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs).

Below is the link to the whitepaper, which provides guidance on how to mitigate the unique threats and security risks of APIs and GraphQL, as described in the OWASP API Security Top 10 list, using the security capabilities built into and integrated with the IBM API Management solution.

API Connect OWASP Whitepaper

We have also published a 3-part video series explaining API security best practices, mitigating OWASP Top 10 API threats, and GraphQL threats. Please refer to this link to learn more about our strategy.

API Security Part 1 - Intro & Best Practices:

API Security Part 2 - Mitigating OWASP Top 10 threats for APIs:

API Security Part 3 - GraphQL threats:

Please let us know if you have any questions. Connect with us through comments here to continue the discussion.

IBM API Security Team