Aimed at helping security teams control APIs and discover potential excessive data exposure. It generates dynamic API endpoint catalogs
The API-WAF module protects against malicious content-based (“classical”) application-layer attacks, as listed in the “OWASP Top 10” API and application security lists. Operating in real time, it conducts full deep packet inspection (DPI), followed by intensive AI analysis of each request (API endpoint) argument value and of the server reply content. This analysis can catch advanced attack vectors generated by AI tools, making it the ultimate first line of API protection in the era of AI attacks.
The API-BOT module protects API endpoints from bot attacks, as listed in the “Automated Threats to Web Applications” list, aka “OWASP Top 20”. It performs real-time deep packet inspection (DPI), followed by near-real-time AI analysis of the API traffic (content, context, and metadata), applying relevant bot activity measurements along multiple time scales, which enables it to catch even the slowest bots, which can operate for days. The ammune™ API-BOT module can detect advanced bot attack tactics generated by AI tools. These capabilities make it the ultimate first line of API protection from bot attacks in the era of AI attacks.
The API-DDoS module protects against application-layer DDoS attacks tailored to specific API endpoint(s). Such attacks may use camouflage techniques, such as rotating source IPs and randomizing request content, while using AI-based optimization algorithms to decide on the next wave of attack tactics. The ammune™ API-DDoS module performs real-time deep packet inspection (DPI), followed by AI analysis that uses specific DDoS measurements alongside general bot measurements at the endpoint level. It can catch multi-vector DDoS attacks at scales of even 100 DDoS vectors simultaneously. These capabilities make it the ultimate first line of API protection from bot attacks in the era of AI attacks.
The API-BL module protects APIs from Business Logic (BL) attacks, which lead to forbidden data or functionality access, or to abused business processes and fraud. Some of these attacks are listed in the “OWASP Top 10 – API security list”; a few more attack types were added by us. ammune™ performs in-session traffic analysis to identify these attack patterns in real time, using session as well as historical data points. It completes the first line of protection together with the API-WAF module.