APIs are simultaneously a great benefit and a
significant threat for the enterprise. Serving as
gateways to important functionality and data, APIs
enable enterprises to make key resources available
to developers, mobile apps, consumers and other
companies. This benefit is what also makes APIs a
threat, because they represent an extremely valuable
target for attackers.
The job for security architects is to ensure that APIs
offer the right functionality without also giving
attackers a key to the enterprise kingdom. That's
trickier than it sounds. This paper explores the
most critical API threats and the corresponding
countermeasures to help you thwart them.