API Security Manager
API Security Manager is designed to discover and test hidden/shadow APIs to ensure their security and compliance posture is robust. It provides a holistic security testing workbench embedded within the CI/CD pipeline to scale automated testing of APIs using OWASP top-10, CIS top-20, and other custom frameworks. Various forms of API responses (text, images, audio) can also be benchmarked using different metrics.
Testimonials
"What a fantastic and insightful [solution] around API risk management, can't agree more on API risk assessment across product/services, discovery, licensing, legal, T&C, compliance, authorization, reliability (where in the world third party API/data is hosted), often these optics are overlooked, as we rush through the process of eliminating data silos internally [and] externally thru APIs. Keep up the good work."
–Sanket Kulkarni, Digital Strategy and Architecture at Amtrak
Discovery is enabled via the world's first comprehensive API KnowledgeBase™, a curated repository of public and private APIs with advanced search capabilities. Refer to the API Discovery Manager data sheet for additional details.
API Security Manager comprises six technical modules.
Access thousands of public, open APIs in a single platform. Choose APIs based on analytics derived from 15000+ APIs, 10000+ Providers, 5000+ Categories, 30000+ terms of service.
• Search APIs (names, vendors & industries) | • Search APIs (natural language processing) |
• Access sample API responses & codes | • Make live calls & analyze API responses |
• Find API agreements & assess legal risks | • Conduct quality & data privacy (PII) analysis |
• Build & manage multiple API communities | • Control access privileges via policies & roles |
Discover APIs embedded in source code by integrating scanning agents within your CI/CD processes for better transparency, workflow management and governance of APIs across multiple products.
• GUI tools for API Discovery | • IDE plugins for API Discovery |
• CICD integrations (CL) for API Discovery | • Analyze programs (API code snippets) |
• Detect URLs (in source code) | • Specify target APIs to be discovered |
• Workflow management for API test | • Workflow management for API agreements |
Discover hidden APIs by analyzing HTTP traffic passing through API gateways and application servers. This is in contrast to source code scanning, and is useful when access to the application is difficult or not possible.
• Deploy network agents to find hidden APIs | • Deploy multiple agents in a distributed way |
• Mark target APIs for discovery & analysis | • Test discovered APIs in real time |
• Find API details (vendors, ISPs, server locations, vulnerabilities, etc.) | • Set customized network parameters (API detection & reporting frequencies) |
• Consolidate results from multiple networks |
• Perform OWASP top-10, CIS top-20 tests | • Customize selection of tests for specific APIs |
• Test multiple API authentication settings | • Upload fake IDs/Passwords/API-Keys |
• Perform API fuzzing via random inputs | • Analyze API (hosting) servers & metadata |
Framework to test various API configurations (header, body, parameter settings).
API Benchmark to compare API responses (in JSON, XML, Text, Audio, Videos, Images) and API quality (in speech recognition, text analysis, etc.) using various statistical techniques.
• Test APIs in a wide variety of settings | • Support for various authentications (API Keys, Basic Auth, OAuth, JWT) |
• Reuse & analyze history of API test cases | • Compare API responses in JSON & XML (containing text, images, audio, videos) |
• Manage users, privileges & workflows | • Generate customized reports (PDF, CSV) |
• Collaborate on multiple API projects |
High-level analytics for CxOs on API usage, organizations and their users, and API hosting locations, with drill-down capability to gain insights.
• API Consumption analytics | • API User analytics |
• API Community analytics | • API server/ISP distributions |
• API usage drill-down capabilities | • API billing audit (of multiple vendors) |