Prophaze
  • What is Prophaze AppSec Platform? How it works?
    • Performance
    • SSL Termination
    • Modes of Operation
  • Prophaze AppSec Best Practices
  • Application Onboarding
    • Account Creation
    • Deployment Models
      • Cloud
      • On-Premise
      • Kubernetes Deployment
    • Multi-Cloud Setup
  • DASHBOARD UI OVERVIEW
    • Dashboard
    • Traffic Analysis
    • API Security
    • Attack Analytics
    • DDOS Attacks
    • Rules Page
    • Bot Mitigation
    • Anomaly Detection
    • Reporting
    • Attack Types
    • Incidents
    • AppSec Toggle Mode
    • SSL Certificate
  • HTTP Support
    • Encoding Types
    • Protocol Validation
  • Protection Use Cases
    • HTTP Protocol Violation
    • Protocol Anomalies
    • Bot Detection
    • Injection Prevention
    • HTTP Request Smuggling
    • HTTP Response Splitting
    • XSS Prevention
    • LFI and RFI
    • Session Fixation
    • SQL Injection Prevention
    • Layer 7 Dos Attack Prevention
    • PHP Application Protection
  • Detection Techniques
    • Normalization
    • Negative Security Model
    • Signature and Rule Database
  • FAQ
    • Onboarding Process
    • Dashboard Terminology
    • Attack Section
    • Rule Set
    • Traffic 360: General Traffic Logs
    • ML Based Bot Mitigation
    • Generating Reports
    • Anomaly Detection
    • General
  • Software Updates
    • Release Notes v2.3.0
  • Release Notes v2.4.0
  • Release Notes v2.5.0
  • API Security Dashboard
    • API Security Features of Prophaze
    • API security scoring
    • Host-Based API Quality Score
    • How to Enable API Security and Dashboard
    • API Security Section
  • CVE
    • CVE-2024
    • CVE-2023
    • CVE-2022
    • CVE-2021
    • CVE-2020
    • CVE-2019
    • CVE-2018
    • CVE-2017
    • CVE-2012
    • CVE-2011
    • CVE-2009
    • CVE-2008
    • CVE-2001
Powered by GitBook
On this page
  • API Security Module Overview
  • 1. Continuous API Discovery:
  • 2. Dashboard and Analytics:
  • 3. Detailed Examination of API Actions:
  • 4. Analytics:
  • Two Methods for Activation:

Was this helpful?

  1. DASHBOARD UI OVERVIEW

API Security

Our advanced API Security Module ensures continuous discovery and monitoring of APIs, enabling real-time identification and tracking of all types, including edge APIs.

PreviousTraffic AnalysisNextAttack Analytics

Last updated 8 months ago

Was this helpful?

API Security Module Overview

This provides organizations with comprehensive visibility into their API ecosystem, allowing for detailed analytics and enhanced security measures.

1. Continuous API Discovery:

  • The API Security Module constantly monitors your environment, discovering new APIs and tracking various API types, including edge APIs.

  • Continuous discovery ensures that any new or previously unknown APIs are identified in real time, reducing the risk of shadow APIs going unnoticed.

2. Dashboard and Analytics:

  • The dashboard provides a centralized view of all API endpoints and offers detailed analytics to monitor API performance and security.

  • The dashboard visualizes data, making it easier to identify trends, analyze traffic, and assess security issues across different API endpoints. This aids in proactive security management.

3. Detailed Examination of API Actions:

  • You get detailed insights into the actions performed by APIs, such as headers, query parameters, and body parameters.

  • This granular level of visibility helps security teams understand how APIs are being used and pinpoint potential vulnerabilities based on the data being transmitted.

4. Analytics:

a.)Endpoint Information:

Shows the method used (e.g., GET, POST) for each endpoint, the number of attacks detected, and traffic data. This helps monitor which endpoints are most vulnerable or most accessed.

b.)Attack Analytics:

Tracks attempted and successful attacks on APIs, helping to refine security policies.

c.)Traffic Analytics:

Monitors traffic to identify usage patterns or anomalies, which could indicate an attack or unusual behavior.

d.)Top IP Addresses/Countries:

Identifies the origin of traffic, helping you recognize potential threats from specific IPs or geographical locations.

e.)Status Codes:

Shows HTTP response codes, which help to understand if endpoints are functioning correctly or are facing issues (e.g., too many 404 errors).

Two Methods for Activation:

  • Onboarding Configuration: API security can be set up during the initial onboarding process to ensure security is embedded from the start.

  • Domain Settings: API security can also be activated or modified later through the domain settings, providing flexibility for adjustments as needed.

The API Security offers comprehensive tools to monitor, analyze, and secure your APIs. With continuous discovery, detailed analytics, and the ability to customize rules, it ensures that your APIs are protected against evolving threats, all while providing deep visibility into API performance and security.