Current State of API Security and Machine Learning

Abstract

The adaptation of application program interface (API)s in every enterprise is the emerging business trend, and at the same time it diversifies the threat domain for businesses. APIs are becoming the new and most important infrastructure layer on the Internet and are the most vulnerable points of attack in modern systems. Each API adds new dimensions to security threats and attack vectors to corporate data and applications, therefore critically forfeiting the business systems. Traditional security features for API protection are provided through API gateways, and it had been nothing more than API keys and username/password combinations (HTTP authentication). On the other hand, intruders and hackers are getting smarter. Combining the proliferation of social engineering platforms with recent technological advancements, the ability to gain access to confidential data has become both easier and common [1], [2]. APIs funnel data among applications, a multitude of various API users, and cloud infrastructure, therefore sensitive or confidential information might get exposed to unauthorized users, if API security is not carefully crafted. Using a holistic approach to securing APIs not only addresses the vulnerability issues, but offers protection for all of the infrastructure, networks and information.