With the explosive growth of APIs and API security breaches, it is more important than ever to have a solid API security posture for cloud-native applications. This is necessary all through the stages of API evolution: design, development, testing, staging, production-deployment and future upgrades.
It’s well and good to keep security in mind as an API is being developed, and of course to document the proper use of the API via an OpenAPI specification. But once the API is deployed in the real world, how do you know it’s rock-solid? How do you know the functionality exposed by the API isn’t being misused, or if it is, that the deployment can thwart attacks and abuses? And what about all the APIs that are already in the wild that haven’t been properly accounted for or secured?
It’s clear that deployed APIs need to be continuously discovered, monitored and tightly controlled in real-time and in the real world. APIClarity, an open-source project, provides solutions for all three.
Join me in two new blog series detailing the basics of APIClarity and how to get the most out of it!
APIClarity Overview Series:
- Introduction
- Installation
- Architecture
APIClarity How-To Series:
- Uploading an OpenAPI Spec
- Reconstructing an OpenAPI Spec
- Detecting Shadow APIs
- Detecting Zombie APIs
- Detecting BFLAs
- Using the Trace Analyzer
- Using the Fuzzer
- How to Contribute
Anne McCormick is a cloud architect and open-source advocate in Cisco’s Emerging Technology & Incubation organization.
