Research Towards Key Issues of API Security

This article is free to access.

Abstract

With the mass application of virtualization, micro-services, and cloud-native technologies, interaction between service entities through APIs has become the norm. Many platforms still maintain a large number of old APIs due to business needs, while many new APIs are gradually going online. Both situations place higher requirements on API security. Focusing on the security protection of old APIs and related issues, this article covers the process of asset discovery, vulnerability detection, and security auditing. For the problem of API asset discovery, this article summarizes the technical methods for automatically clustering unowned API assets using the characteristics of various commonly used APIs. For vulnerability detection in new APIs, a security analysis method based on finite state machines is proposed. For the first time, cross-network communication taint propagation based on dynamic taint analysis technology and system-level simulation technology is realized, making sensitive data flow tracing in API communication feasible. We designed a flow-based API security audit system to improve automated API protection. Finally, we analyzed the technical opportunities and challenges of API security in detail and looked ahead to the next direction and development trend of API security research.

APA

Sun, R., Wang, Q., & Guo, L. (2022). Research Towards Key Issues of API Security. In Communications in Computer and Information Science (Vol. 1506 CCIS, pp. 179–192). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-16-9229-1_11