In an increasingly connected digital sphere, the API economy is no longer just a management challenge. Rather, the API economy has become a crucial part of cybersecurity efforts. APIs can provide security capabilities you do not have in-house. You don’t need to purchase specialized security tools or attain security expertise. In this article, we discuss how you can use APIs to improve security, as part of your regular development and DevOps process.
5 Ways to Use APIs to Improve Your Security
Although APIs can present a security risk if not implemented correctly, you can also use these tools to improve your overall security. APIs can provide incredibly versatile services that you may have difficulty accessing otherwise. Some use to consider implementing are covered below.
- Protecting web applications
API services can enable you to detect malware and code insertions in your web applications. These services can alert you to attempts as well as active infections, enabling you to respond quickly to contain the issue. Depending on the service, these APIs may also help you track the source of traffic and enable you to block future attacks from the same source.
- Verifying site trustworthiness
APIs can enable you to query databases of known malicious sites to verify or deny the safety of a given site. This enables you to avoid or block risky pages, domains, or networks. This information can also be used simply to alert users that they may be accessing a dangerous resource.
- Accessing threat intelligence
Many vulnerability databases and threat intelligence sources offer APIs that you can use to integrate information into your existing tools. For example, these APIs are frequently incorporated into software composition analysis (SCA) tools or system information and event management (SIEM) solutions.
- Identifying your attack surface
APIs are available that enable you to test and audit your network, including IP addresses, domain names, and DNS records. You can use these APIs to monitor for DNS changes, identify expired records or security certificates, and prevent attacks such as domain jacking.
- Locate stolen data
Using search APIs you can set up systems that help you monitor for data theft or stolen content. For example, you might use reverse image searches to identify images on unauthorized sites. Or you can perform regular searches for canary data to help identify a breach. Canary data is planted data that has no legitimate purpose outside of breach identification.
Verifying That Your Security APIs are Reliable
Before using any third-party APIs in your integrations, you should first make sure that the API itself is secure. It does you little good to try and increase security with a vulnerable API. While your ability to fully test API security is likely limited, there are a few aspects you can look for. Key features of secure APIs include:
- Authentication measures such as OAuth or OpenID
- Use of transport layer encryption (TLS)
- Data masking or use of tokenization
- Request timestamps
- Rate limiting features
Top Security APIs
There are many security APIs out there to choose from, depending on your needs. Below are a few good options to start with.
Google Safe Browsing API
The Safe Browsing API is a free service provided by Google. It enables you to verify client applications against a database of known unsafe web resources. It includes functions for verification according to threat and platform type, warning users of threats, and preventing the posting of malicious links in your forums or comment sections. This service is only available for non-commercial verification. However, there is a paid service you can use in commercial security products you wish to produce, the Web Risk API.
Website Malware Scanner API
The Website Malware Scanner API is a paid service, offered by Quttera. It enables you to integrate website verification into your existing applications via Quttera’s threat intelligence database. This API includes functionality that enables you to detect attacks, scan and report on web assets in real-time, and perform multi-thread scanning. You can use it with cloud, on-premise, and hybrid applications.
The urlscan.io API is a subscription service you can use to scan and analyze website security. It enables you to submit sites to an automated tool that navigates the site as a user would and logs the results. The urlscan.io API also includes features that enable you to perform historical searches for IP lookups, domain scans, ASN results, and retrieved hashes. This service is available with a free trial.
The Shodan API is a paid service you can use to remotely access the Shodan search engine. This search engine crawls sites and provides information on Internet-connected systems, including routers, servers, webcams, and Internet of things (IoT) devices. Using the API, you can collect information on visible endpoints, retrieve open-source intelligence data, and create digital maps of networks. Shodan includes features for real-time data feeds, alerting and on-demand scanning.
APIs are often discussed as a security threat, but not much has been said about the positive uses of APIs for cybersecurity. You can use APIs to detect malware and insertions, verify site trustworthiness, perform threat intelligence, identifying your attack surface, and locate stolen data. However, before using APIs for security, you must ensure that your security APIs are reliable. Once you chose a reputable API, you can start using it in your daily operations without interfering with your workflow.