
API security is often the weakest link in a company’s cybersecurity strategy. It’s also often overlooked, making it an attractive target for hackers. In fact, Cloudflare found in their API security report that about one third of APIs are “shadow APIs”, meaning organizations aren’t even aware of them.
We believe securing your APIs (and any other part of your digital environment) should be straightforward and actionable. That’s why we’re excited to launch our new API Scanner, which is designed to help you identify and fix hidden API risks before attackers do.
REST APIs (Application Programming Interfaces) are used for system communication through predefined endpoints that handle requests and responses between systems. A large portion of a company’s network consists of APIs. Aftra’s API scanner assesses each endpoint to see how your APIs respond to different requests, and identifies vulnerabilities or configuration issues that would let someone bypass your security measures.
It’s like a stress test for your APIs — one that runs automatically and reports findings clearly, so your team can act fast.
APIs are attractive targets for hackers especially because so many of them are shadow APIs. Once you add an API, it becomes embedded deep in your code and hard to find and update. You might deprecate it, but forget to remove it.
Not only that, but many of the APIs we use come from third parties. We have to trust that they’re relatively secure. But if there’s a vulnerability in one of them, it introduces a weakness into your own system, making it critical to be aware of all your APIs, keep them up to date, and know if they’ve become vulnerable.
Organizations heavily rely on REST APIs on a daily basis to connect services, share data, and enable customer experiences. But as your API landscape grows, so does your attack surface. Old endpoints stick around. Permissions change. Vulnerabilities creep in unnoticed.
Hackers know this and know how to find them. Those outdated or forgotten endpoints can silently create a backdoor into your systems and expose sensitive data.
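One practical way to surface the forgotten endpoints described above is to compare what your documentation says exists with what your servers actually serve. The script below is an added illustration, not Aftra’s scanner or any of its code: it takes a constructed set of OpenAPI-style path templates and a few constructed access-log lines, normalises concrete ids (numeric or UUID-like segments, an assumed convention) into a generic `{param}`, and reports routes that receive traffic but appear in no documented template.

```python
"""Find "shadow" API routes: paths that appear in access logs but not in the
documented OpenAPI path list. Added example, not Aftra's scanner; the spec,
the log lines and the id-normalisation rule are all constructed for illustration."""
from __future__ import annotations

import re
from collections import Counter

# Constructed OpenAPI-style path templates: what the team believes is deployed.
DOCUMENTED_PATHS = {
    "/api/v2/users/{id}",
    "/api/v2/users/{id}/orders",
    "/api/v2/orders/{orderId}",
    "/health",
}

# Constructed access-log lines in a common-log-like format.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /api/v2/users/1842 HTTP/1.1" 200 512
10.0.0.5 - - [12/Mar/2024:10:01:03 +0000] "GET /api/v2/users/1842/orders HTTP/1.1" 200 2048
10.0.0.9 - - [12/Mar/2024:10:02:11 +0000] "GET /api/v1/users/1842/export HTTP/1.1" 200 90112
10.0.0.9 - - [12/Mar/2024:10:02:15 +0000] "POST /api/v1/users/1842/export HTTP/1.1" 200 31
10.0.0.7 - - [12/Mar/2024:10:03:40 +0000] "GET /internal/debug/config HTTP/1.1" 200 7731
10.0.0.7 - - [12/Mar/2024:10:04:00 +0000] "GET /health HTTP/1.1" 200 2
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')
# Assumed convention: purely numeric or UUID-shaped segments are path parameters.
PARAM_SEGMENT_RE = re.compile(r"^(\d+|[0-9a-f]{8}-[0-9a-f-]{27})$", re.I)


def normalise(path: str) -> str:
    """Drop the query string and collapse concrete ids to {param} so log paths line up with templates."""
    path = path.split("?", 1)[0]
    parts = [("{param}" if PARAM_SEGMENT_RE.match(p) else p) for p in path.split("/")]
    return "/".join(parts)


def template_to_generic(template: str) -> str:
    """Turn /users/{id}/orders into /users/{param}/orders so any parameter name matches."""
    return re.sub(r"\{[^/}]+\}", "{param}", template)


def observed_routes(log_text: str) -> Counter:
    """Count normalised (method, route) pairs seen in the log text."""
    routes: Counter = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            routes[(m["method"], normalise(m["path"]))] += 1
    return routes


def find_shadow_routes(log_text: str, documented: set[str]) -> dict[str, int]:
    """Return routes seen in traffic that no documented template covers, with request counts."""
    known = {template_to_generic(t) for t in documented}
    shadow: Counter = Counter()
    for (method, route), n in observed_routes(log_text).items():
        if route not in known:
            shadow[route] += n
    return dict(shadow)


if __name__ == "__main__":
    for route, hits in sorted(find_shadow_routes(SAMPLE_LOG, DOCUMENTED_PATHS).items()):
        print(f"undocumented route: {route} ({hits} requests)")
```

Run against the constructed data this flags the old `/api/v1/.../export` route and an `/internal/debug/config` path, both of which would be invisible to a scan driven purely by the documented spec. Real deployments usually need a richer normalisation rule (slugs, encoded ids) and a log source that covers every gateway, which is exactly the gap an automated inventory is meant to close.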
For example, in 2022, an API vulnerability allowed a hacker to breach Optus, the second largest mobile operator in Australia, and steal data from 11 million of their customers.
In order to help our customers take control of this hidden attack surface and strengthen their web applications, we recently launched our new API scanner. It provides users with more detailed scanning of their API endpoints.
Aftra’s new API scanning is here to help. By providing dynamic, automated scanning of your API endpoints, Aftra helps your security team stay one step ahead and spot weaknesses before they become breaches.
Aftra’s API scanner goes beyond a one-time scan or penetration test. It gives you real-time, actionable insights into your API security so you can fortify your defenses.
Here’s what it covers:
Alongside the new API scanner, we’re adding the ability to attach user credentials to all of your scans. What does this mean? It means that you’ll be able to see what people with various levels of access would be able to see. This includes: a user without permission, a user with read permission, a logged-in user, and a user with admin credentials.
This API scanner is now available for all Aftra customers. Simply log into your account and visit the Scans page at app.aftra.io to get started. There you’ll find easy-to-follow instructions to set up your first API scan.
Book a demo and see how Aftra makes cybersecurity simple, proactive, and effective by empowering leadership and IT to understand and take control of their entire attack surface, including hidden APIs.