IBM webMethods Hybrid Integration

IBM webMethods Hybrid Integration

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


#TechXchangePresenter
 View Only

  • 1.  API Gateway Threat Protections

    Posted Mon June 13, 2022 09:57 AM

    Does API Gateway protect against data tampering, dictionary attacks or resource hijack attacks?


    #API-Management
    #webMethods
    #API-Gateway


  • 2.  RE: API Gateway Threat Protections

    Posted Mon June 20, 2022 01:17 AM

    Hi LaTonya,
    API Gateway does not offer explicit policies for dictionary attacks or resource hijack attacks. Data hampering can be prevented by using encryption. For detailed list of policies available please refer the below link Reverb

    Regards.


    #API-Management
    #webMethods
    #API-Gateway


  • 3.  RE: API Gateway Threat Protections

    Posted Mon June 20, 2022 09:58 AM

    Do you know some possible methods to help mitigate dictionary attacks or resource hijack attacks?


    #API-Gateway
    #API-Management
    #webMethods


  • 4.  RE: API Gateway Threat Protections

    Posted Tue June 21, 2022 09:40 PM

    Hi LaTonya,
    A dictionary attack is a brute-force method of entering every word in dictionary and for this you can set the “Account Locking Settings” to help defend against this.
    For resource hijacking, the technique that typically implies the installation and operation of crypto miners, APIGW can perhaps be used (in conjunction with an ICAP server) to try to ensure that a malicious payload that contains the code is not delivered and installed via an APIGW call.

    Hope this helps.


    #webMethods
    #API-Management
    #API-Gateway


Related Content