The Edgescan API Journey

A Comprehensive Strategy To Securing APIs

 


 


KEY PROBLEMS OF API ASSESSMENT

API Discovery

Continuous tracking and identification of exposed APIs across an organisation’s business estate can be difficult. Exposed APIs can lead to blind spots resulting in breach and data loss. This introduces additional risk to your business.


API Uniqueness

Each new API represents a potentially unique attack vector into your systems. While there are similarities, API security configuration assessment is different to traditional vulnerability scanning.


Insufficient API Threat Protection

API threat protection technology is not as mature as existing threat protection technology. Organisations need to be proactive about understanding security concerns associated with maintaining externally facing APIs.


API Solutions

Modern problems require modern solutions. APIs may not be apparent and simply look like a HTTP service but in reality, an unknown path to business-critical data may be present.

 

 

WHAT IS EDGESCAN OFFERING?

Edgescan provides continuous API discovery and vulnerability management coupled with false-positive, free-risk intelligence. Know your APIs, scan your APIs, test your APIs. It’s easy with Edgescan.

EDGESCAN API DISCOVERY

Find exposed APIs across an organisation's global estate. 

 

EDGESCAN API VULNERABILITY SCANNING

Adopt a continuous approach to API security by running regular vulnerability scans against APIs.

 

EDGESCAN API PENETRATION TESTING

Achieve absolute confidence in the security of your APIs.

 

 

STEP 1: API DISCOVERY

BCC032 API Journey Brochure_ceWEB5 - Copy

PHASE 1: PASSIVE

Simply share the organisation’s external estate with Edgescan. Edgescan will analyse the data looking for indicators of APIs.

 

PHASE 2: INTERACTION

Edgescan continuous asset profiler runs against all available external addresses provided. Edgescan’s multilayered checks are applied on all live services, resulting in discovery of unknown and shadow APIs.

Historically this was complex but we’ve cracked it!

 

PHASE 3: ASSESSMENT & ENUMERATION

After API discovery has been completed, Edgescan will run custom API security assessments against all live services.

These are specific API security checks to determine the security posture of the discovered APIs.

 

 

STEP 2: API SCANNING

Edgescan API Scanning is a critical part of securing an organisation’s estate


Parameters and attributes are enumerated and included in the assessment


Edgescan technology supports most RESTful and RPC APIs

 

BCC032 API Journey Brochure_ceWEB8 - Copy

 

 

STEP 3: API PENETRATION TESTING

Edgescan API scanning technology has

the ability to find vulnerabilities in all types of APIs

 

Edgescan’s automated API scanning uses the best scanning tools to cover the parts of an organisation’s APIs that are simple to enumerate

 

With API penetration testing, our security experts go the extra mile for our client’s most critical assets.

 

Manual penetration testing allows for the full suite of tests to be performed in order to break the business logic of the application

 

BCC032 API Journey Brochure_ceWEB10 - Copy

 

SERVICE DEFINITIONS

EDGESCAN API DISCOVERY
Our API Discovery is part of the Edgescan Continuous Asset Profiling SaaS that allows an understanding of the API topology within an estate. With Edgescan’s cataloguing and categorising correlation technology, it is possible to reveal the true inventory of APIs and exposures on the internet. The proprietary discovery process runs at regular intervals across the entire estate, and reports the findings back to the end user.

EDGESCAN API VULNERABILITY SCANNING
Our API Vulnerability Scanning is part of the Edgescan Continuous Vulnerability Scanning service that allows an understanding of common security vulnerabilities which may be present throughout an estate. With Edgescan security and vulnerability scanning engines specifically designed for APIs, it is possible to have continuous security visibility of your API exposures on the internet.

EDGESCAN API PENETRATION TESTING
Our API Penetration Testing is part of the
Edgescan API Testing service that allows you to get a deep manual penetration test on your business critical APIs. Combined with Edgescan API Discovery and API Vulnerability Scanning, it provides a comprehensive approach to securing your APIs to whatever level is needed.

 

Download your copy of The Edgescan API Journey Now!

BCC032 API Journey Brochure_ceWEB2

 

 

 

 

TRY EDGESCAN