API Inventory: New features and improvements
2024-4-17 16:24:49 Author: securityboulevard.com

We are excited to announce our updates to API discovery and inventory, which will give you even more capabilities to achieve API governance with ease.

Escape's API inventory

What's new

Now, you can discover not only the APIs and API schemas of your primary organizational domain but also those of all your subsidiaries automatically, thanks to the AI-powered domain suggestion feature.

Next, we've expanded the API characteristics available in the view associated with each endpoint. Now, Escape offers visibility and a comprehensive understanding of the following:

  1. The characteristics of the API and its environment, including:
    • Production, staging, or development API
    • API type and framework: REST, GraphQL, SOAP, WebSocket, gRPC…
    • Cloud hosting: AWS, Azure, OVH…
    • Associated firewall: Cloudflare, AWS ELB, Azure WAF…
  2. The risks associated with each exposed API:
    • Leakage of sensitive data
    • External exposure
    • Disclosure of API schema
    • Lack of authentication or authorization
    • Critical vulnerabilities
  3. The business logic of the API:
    • Automatic generation of the Schema (OpenAPI) by generative AI
    • Detection of API creation date, API versions, and schema changes
    • Detection of Shadow APIs, Zombie APIs, Legacy APIs
    • Detection of similar or duplicate APIs
  4. The API owner:
    • Business unit
    • Code owners
  5. The context of API usage, including:
    • Third-party services: Gitlab, Jira, Confluence, SQL Database, Keycloak…
    • Internal service, classified based on its usage
  6. The type of sensitive data exchanged, including:
    • Personally Identifiable Information (PII): Including but not limited to Social Security numbers, full names, and email addresses.
    • Financial Information: Such as credit card numbers, bank account details, and transaction histories.
    • Authentication tokens and Secrets: For example, API keys, JWT tokens, and encryption keys.

A complete list of supported data types can be found on the Advanced Usage/Data Types Reference page.

Why?

Here are the key benefits of the new API discovery and inventory capabilities:

  1. Streamlined oversight: By automatically uncovering APIs across multiple organizational domains and subsidiaries, you are now empowered with a simplified approach to ensuring comprehensive oversight without manual effort.
  2. Business strategic analysis: You can now gain deeper insights into the context and business logic of APIs. Make strategic decisions based on comprehensive understanding and analysis and align those decisions with the organization's goals and objectives.
  3. Proactive risk management: Identify and address potential risks associated with each API before they are released to production and escalate.
  4. Enhanced accountability: With clear ownership of each API, responsibility can be assigned more effectively. It also helps you to promote a culture of accountability within the organization.

These features collectively provide comprehensive insights into API usage contexts, sensitive data exchanged, and associated risks, enabling your organization to make informed and timely strategic decisions.

Getting started

Here's how you can quickly benefit from our updates:

  • Haven't set up your inventory yet? Go to Inventory -> Settings -> Add a new domain
Add a new domain
  • Once your domain is scanned, head to your current API inventory:
Escape's API inventory
  • Click on the API you want to get data for:
Your API data

Then explore and verify all the parameters! For example, you can adjust your API's business use:

API's business use options

With these new updates, we hope you find it simpler than ever to build a comprehensive API inventory. Try it out for yourself, and let us know what you think in our Slack community!

*** This is a Security Bloggers Network syndicated blog from Escape - The API Security Blog authored by Alexandra Charikova. Read the original post at: https://escape.tech/blog/api-inventory-new-features/


Article source: https://securityboulevard.com/2024/04/api-inventory-new-features-and-improvements/