Prophaze
  • What is Prophaze AppSec Platform? How it works?
    • Performance
    • SSL Termination
    • Modes of Operation
  • Prophaze AppSec Best Practices
  • Application Onboarding
    • Account Creation
    • Deployment Models
      • Cloud
      • On-Premise
      • Kubernetes Deployment
    • Multi-Cloud Setup
  • DASHBOARD UI OVERVIEW
    • Dashboard
    • Traffic Analysis
    • API Security
    • Attack Analytics
    • DDOS Attacks
    • Rules Page
    • Bot Mitigation
    • Anomaly Detection
    • Reporting
    • Attack Types
    • Incidents
    • AppSec Toggle Mode
    • SSL Certificate
  • HTTP Support
    • Encoding Types
    • Protocol Validation
  • Protection Use Cases
    • HTTP Protocol Violation
    • Protocol Anomalies
    • Bot Detection
    • Injection Prevention
    • HTTP Request Smuggling
    • HTTP Response Splitting
    • XSS Prevention
    • LFI and RFI
    • Session Fixation
    • SQL Injection Prevention
    • Layer 7 Dos Attack Prevention
    • PHP Application Protection
  • Detection Techniques
    • Normalization
    • Negative Security Model
    • Signature and Rule Database
  • FAQ
    • Onboarding Process
    • Dashboard Terminology
    • Attack Section
    • Rule Set
    • Traffic 360: General Traffic Logs
    • ML Based Bot Mitigation
    • Generating Reports
    • Anomaly Detection
    • General
  • Software Updates
    • Release Notes v2.3.0
  • Release Notes v2.4.0
  • Release Notes v2.5.0
  • API Security Dashboard
    • API Security Features of Prophaze
    • API security scoring
    • Host-Based API Quality Score
    • How to Enable API Security and Dashboard
    • API Security Section
  • CVE
    • CVE-2024
    • CVE-2023
    • CVE-2022
    • CVE-2021
    • CVE-2020
    • CVE-2019
    • CVE-2018
    • CVE-2017
    • CVE-2012
    • CVE-2011
    • CVE-2009
    • CVE-2008
    • CVE-2001
Powered by GitBook
On this page
  • Protecting API Endpoints
  • Threat Detection and Prevention
  • API Analytics and Reporting
  • Key Highlights

Was this helpful?

  1. API Security Dashboard

Host-Based API Quality Score

A quality score is assigned to an API host, independent of individual API endpoints. This score considers various metrics to evaluate the overall reliability and security of the host.

1. Response Content Type (JSON/XML)

  • Definition: Evaluates the format of API responses.

  • Impact on Score:

  1. JSON and XML are preferred response formats.

  2. Responses with invalid formats (e.g., text/html when JSON is expected) negatively impact the score.

  • Best Practices:

  1. Ensure proper response content-type headers (e.g., application/json, application/xml).

  2. Avoid returning HTML or unstructured text in API responses.

2. Number of Error Codes vs. 200 Status Codes

  • Definition: Measures the ratio of unsuccessful (4xx, 5xx) to successful (200) responses.

  • Impact on Score:

  1. A higher number of error responses reduces the score.

  2. A higher success rate (200 responses) contributes positively.

Best Practices:

  1. Monitor and reduce API failures

  2. Implement meaningful error messages and exception handling.

  3. Improve API stability by reducing downtime.

3. Average Response Time

  • Definition: Assesses how quickly an API responds to requests.

  • Impact on Score:

  1. Responses exceeding the defined threshold lower the score.

  2. Faster responses contribute to a higher score.

  • Best Practices:

  1. Optimize database queries.

  2. Implement caching strategies.

  3. Minimize unnecessary API calls.

4. Average Content Length

  • Definition: Evaluates the size of API responses.

  • Impact on Score:

  1. Large response sizes exceeding the threshold reduce the score.

  2. Optimized, minimal responses contribute positively.

  • Best Practices:

  1. Avoid excessive data in API responses.

  2. Use pagination for large datasets.

  3. Compress responses when applicable.

5. HTTPS Traffic

  • Definition: Determines whether the API enforces secure communication.

  • Impact on Score:

  1. API traffic using HTTPS gains a higher score.

  2. HTTP-only APIs are penalized due to security risks.

  • Best Practices:

  1. Implement HTTPS enforcement at the level.

  2. Use HSTS (HTTP Strict Transport Security) to force secure connections.

  3. Regularly audit SSL/TLS configurations.

Protecting API Endpoints

Endpoints At Risk API endpoints are crucial access points for your application. Malicious or suspicious attempts to exploit these endpoints can jeopardize the security of your entire system. For instance, specific APIs like /api/v3/pet/1 may become targets for attackers attempting to bypass security measures. Understanding which endpoints receive malicious requests helps you identify potential vulnerabilities early on.

Resource-Heavy Endpoints Certain API endpoints can be resource-intensive, leading to performance bottlenecks. These endpoints may experience high response times or large content lengths, which can indicate that they are handling resource-heavy backend operations. Monitoring the performance of these endpoints provides insights into which parts of the application are putting the most strain on your resources, helping you optimize both security and performance.

Why This Matters By knowing which API endpoints are at risk or are resource-heavy, you can take proactive steps to improve their security and performance. Securing vulnerable endpoints and optimizing those that consume excessive resources helps maintain the integrity and responsiveness of your system, ensuring a smooth user experience while minimizing exposure to threats.

Threat Detection and Prevention

Real-Time Threat Detection Prophaze's threat detection capabilities are designed to identify malicious activities in real-time. Key threats such as SQL injection, cross-site scripting (XSS), and brute force attacks are detected as they occur, allowing for immediate action to prevent damage. A bar chart displaying the top 10 types of attacks helps visualize the most common and concerning threats in your environment.

Latest Attack Examples

  • SQL Tautologies Attack: SQL injection attacks, like tautologies, exploit vulnerabilities in database queries. Attackers manipulate queries to return true for any condition, allowing unauthorized access or data manipulation. An example of such an attack originating from IP addresses in Thailand was flagged and successfully blocked, demonstrating the system’s real-time response capabilities.

  • Geographical Attack Mapping: Prophaze also provides geographical attack mapping, allowing you to track where attacks are originating from globally. This feature is invaluable for taking targeted actions, such as blocking traffic from suspicious regions or investigating threats more closely based on their geographical origin.

Why This Matters Real-time threat detection is essential for stopping attackers before they can cause significant harm. By detecting malicious activities as they happen, you ensure that your system is always protected, minimizing the potential for data breaches or other security incidents. The geographical mapping feature further empowers your team to make informed decisions about where to focus efforts for better security and risk mitigation.

API Analytics and Reporting

Traffic Comparison A comprehensive traffic comparison graph provides insights into the fluctuations in normal and suspicious traffic over time. By visualizing these trends, you can spot anomalies and potential threats that deviate from typical traffic patterns. This comparison helps you track when malicious activity spikes, enabling your security team to respond swiftly to unusual behavior and mitigate any risks before they escalate.

Error Codes Analysis The error codes analysis is crucial for identifying problems and possible attacks within your system. A time series graph presents the error rate for a specific host, based on traffic logs that contain error status codes such as:

  • 404: Endpoint Not Found: Occurs when users or attackers attempt to access an invalid or non-existent endpoint.

  • 500: Server Error: Typically indicates an issue on the server-side, such as an unhandled exception or misconfiguration.

  • 403: Access Denied: Indicates a failed attempt to access a resource without proper authentication or authorization.

By monitoring these error rates, you can uncover issues with the system’s stability or security, helping you address potential threats like misconfigurations, unauthorized access attempts, or performance degradation.

Recently Discovered Endpoints This report shows newly identified APIs and their discovery dates, with the data filtered to include only those endpoints found within the last 7 days. This feature helps you keep track of any newly added or hidden endpoints, ensuring that any exposed vulnerabilities are addressed in a timely manner. By continuously monitoring and identifying new endpoints, you can stay ahead of potential risks and ensure the integrity of your entire API infrastructure.

Why This Matters API analytics and reporting provide invaluable insights that help optimize your infrastructure. By monitoring traffic trends, error codes, and newly discovered endpoints, you can proactively identify and resolve security vulnerabilities, improving overall system stability and performance. These insights enable your team to take informed actions, ensuring the protection of your resources and a seamless user experience.

7. Advanced API Security Features

Base URI Management Base URI management allows you to specify the root address of your API (e.g., /api/v1). This feature helps you focus protection on specific sections of your application rather than applying blanket security measures across the entire API. By managing base URIs, you can more efficiently allocate resources and apply targeted security controls to the most sensitive or critical parts of your API.

HTTPS Support To ensure secure communication between your APIs and users, HTTPS support encrypts the data exchanged between the client and the server. This encryption protects against eavesdropping, man-in-the-middle attacks, and tampering, making it a crucial feature for securing sensitive data and safeguarding user privacy.

Dynamic Threat Detection Leveraging artificial intelligence (AI) and machine learning (ML), dynamic threat detection analyzes historical data to detect anomalies in API usage patterns. By continuously learning from usage trends and evolving threats, this feature can identify unusual activity that may indicate a security breach. This proactive approach allows for the early detection of potential vulnerabilities and ensures real-time protection against emerging threats.

Why This Matters These advanced security features not only protect your APIs but also optimize their security and efficiency. By focusing on specific sections of your API with base URI management, ensuring encrypted communication with HTTPS, and using AI-driven dynamic threat detection, you can significantly enhance the robustness of your security posture and minimize the risk of data breaches or attacks.

Key Highlights

  • Automatic Discovery: Prophaze ensures that even hidden APIs are identified and secured, helping you maintain visibility over your entire API infrastructure, regardless of how obscure or private the endpoints may be.

  • Real-Time Attack Mitigation: The system proactively stops attacks like SQL injections as they happen, preventing any damage or exploitation in real-time.

  • Enhanced API Visibility: Gain deep insights into your API’s traffic, usage patterns, and performance, allowing for better decision-making and optimization.

Comprehensive Reports: With visual dashboards and detailed logs, Prophaze simplifies tracking and compliance by providing easy-to-understand data and actionable insights into your API's security status.

PreviousAPI security scoringNextHow to Enable API Security and Dashboard

Last updated 16 days ago

Was this helpful?