API Protection: The New Frontier
Moving from WAF to WAAP
APIs are the great connectors. API communications now make up more than 80% of Internet traffic. Yet, they’re often overlooked in application security programs. It’s not surprising that attackers are taking advantage of this gap and increasingly targeting web APIs to gain a foothold, deny access, install bots, escalate privilege, and find sensitive data. This report explores the types of attack methods used against APIs and how a traditional WAF does not protect APIs from malicious traffic. It will then introduce an integrative approach called WAAP for full visibility into both API and web application traffic to identify bad behaviors, vulnerabilities being targeted, and call out IoCs.