4.
Plan for denial of service DoS attacks against exposed APIs:
attackers
will use DoS and distributed DoS DDoS attack techniques to reduce
availability in your APIs. Traditionally, protections are sought for volumetric,
protocol, or application-layer attacks. DDoS mitigation services and cloud
scrubbing services might address volumetric and protocol forms of DoS but
can leave application-layer exposed. For vendors that claim to cover
application-layer, ensure that they are able to parse API context. API
parameters are highly unique per organization, based on the business logic
they create and how they integrate other services. Parameters within API
requests vary greatly from one organization’s architecture to the next,
making application-layer DoS for APIs very nuanced.
5.
Dostları ilə paylaş: