Traceable API Security Platform Updates – May 2024
This past month's releases include a major update for organizations tracking the compliance posture of their APIs: Traceable Compliance Policies and Issues. We have also introduced span filters for fine-grained targeting of API security tests, an update to our Cloudflare WAF integration, and new detection logic for credential stuffing attacks.
Compliance Policies & Issues Dashboard
Maintaining an accurate, up-to-date API inventory and strong security controls around APIs are key requirements of many organizations' security and compliance programs. Many organizations maintain and enforce their own organization-specific security policies in addition to tracking compliance against industry or data-specific regulatory frameworks such as PCI-DSS. Traceable's new Compliance Policies make it easier than ever to maintain and monitor the compliance posture of your APIs against specific requirements. With Compliance Policies you can:
- Easily monitor and maintain compliance with your organization's security policies or with specific regulatory frameworks like PCI-DSS
- Create fine-grained custom policies for your organization's specific requirements
- Continuously identify endpoints that violate your organization's policies, so you can act quickly to restore your compliance posture
- Review and triage compliance-related issues alongside API security testing findings in a unified "Issues" dashboard
- Start from seeded policies: Compliance Policies ship with the recommendations that Traceable sees most commonly in customer environments, listed under the "Traceable Recommended Policies" section

You can use Compliance Policies to identify violations beyond the standard vulnerabilities that Traceable already detects. Traceable-recommended Compliance Policies and PCI-DSS Compliance Policies are included out of the box. PCI-DSS applies to any organization that processes payment card data. Our PCI-DSS policies automatically identify API endpoints that expose credit card data and have not been scanned for vulnerabilities in the last 30 days, lack encryption or authentication, or contain specific vulnerabilities.
You can also create fine-grained Custom Policies to support and monitor your organization's specific compliance requirements. Custom Policies can be configured to identify violations based on various attributes, such as the environment the API is deployed in, its vulnerability type, and the sensitive data present in its requests and responses.
Violations identified via Compliance Policies are surfaced in the "Issues" dashboard (formerly Vulnerabilities), which also includes findings from API security testing. You can filter by Source and select Compliance to view and triage all compliance issues.
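To make the policy mechanics concrete, here is an added Python example (not Traceable's code): a small policy evaluator run over a constructed API inventory. It applies a PCI-DSS-style rule of the shape described above (card-data endpoints that are unscanned for 30 days, unencrypted, unauthenticated, or carry specific vulnerabilities) plus one attribute-matching custom policy, and lands the results in the same list as security-testing findings so they can be filtered by source. The endpoint fields, policy structure, the set of vulnerability types the card-data rule treats as violations, and the sample inventory are all assumptions for illustration.

```python
# Added example, not Traceable's code: field names, policy shapes and the
# inventory below are assumptions made to illustrate the mechanics.
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Endpoint:
    path: str
    environment: str
    sensitive_data: frozenset = frozenset()    # data types seen in request/response
    authenticated: bool = True
    encrypted: bool = True                     # served only over TLS
    last_scanned: Optional[date] = None        # date of last vulnerability scan
    vulnerabilities: frozenset = frozenset()   # finding types from security testing

@dataclass
class Issue:
    source: str   # "Compliance" or "Security Testing"
    policy: str
    path: str
    reason: str

# Assumed set of finding types the card-data policy treats as violations.
PCI_VULNS = frozenset({"sqli", "broken_auth"})

def pci_policy(ep, today, max_scan_age=30):
    """Only endpoints that expose card data are in scope; each unmet control
    becomes its own issue so that triage can happen per control."""
    if "credit_card" not in ep.sensitive_data:
        return []
    reasons = []
    if ep.last_scanned is None or (today - ep.last_scanned).days > max_scan_age:
        reasons.append(f"not scanned for vulnerabilities in the last {max_scan_age} days")
    if not ep.encrypted:
        reasons.append("card data transmitted without encryption")
    if not ep.authenticated:
        reasons.append("card data reachable without authentication")
    reasons += [f"contains {v}" for v in sorted(ep.vulnerabilities & PCI_VULNS)]
    return [Issue("Compliance", "PCI-DSS", ep.path, r) for r in reasons]

def custom_policy(name, environment=None, vulnerability=None, sensitive=None):
    """Fine-grained custom policy: every attribute given must match to flag."""
    def check(ep, today):
        if environment is not None and ep.environment != environment:
            return []
        if vulnerability is not None and vulnerability not in ep.vulnerabilities:
            return []
        if sensitive is not None and sensitive not in ep.sensitive_data:
            return []
        return [Issue("Compliance", name, ep.path,
                      f"{vulnerability or 'match'} on {sensitive or 'any'} data in {ep.environment}")]
    return check

def evaluate(endpoints, policies, today):
    """Unified issue list: testing findings plus every policy violation."""
    issues = []
    for ep in endpoints:
        issues += [Issue("Security Testing", v, ep.path, f"finding: {v}")
                   for v in sorted(ep.vulnerabilities)]
        for policy in policies:
            issues += policy(ep, today)
    return issues

def by_source(issues, source):
    """The dashboard's Source filter, e.g. by_source(issues, "Compliance")."""
    return [i for i in issues if i.source == source]

# Constructed inventory, not real data.
TODAY = date(2024, 5, 31)
INVENTORY = [
    Endpoint("/v1/payments", "production", frozenset({"credit_card"}),
             authenticated=False, last_scanned=date(2024, 3, 1),
             vulnerabilities=frozenset({"sqli"})),
    Endpoint("/v1/profile", "production", frozenset({"pii"}),
             last_scanned=date(2024, 5, 20), vulnerabilities=frozenset({"bola"})),
    Endpoint("/v1/health", "staging", last_scanned=date(2024, 5, 29)),
]
POLICIES = [pci_policy,
            custom_policy("No BOLA on production PII", environment="production",
                          vulnerability="bola", sensitive="pii")]

if __name__ == "__main__":
    for issue in by_source(evaluate(INVENTORY, POLICIES, TODAY), "Compliance"):
        print(issue)
```

Run as a script it prints the four compliance issues: three for `/v1/payments` (stale scan, no authentication, SQL injection finding) and one for `/v1/profile` from the custom policy; the two raw testing findings stay in the list under the "Security Testing" source. The design point is that a policy returns one issue per failed control rather than a single pass/fail, which is what makes the Issues view useful for triage.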

Fine-Grained Filters for Targeted API Security Testing
We have added new filters within API Security Testing that let you create and run targeted tests against a subset of API traffic, so fine-grained tests run more quickly and efficiently. Filtering is available as a configuration option within individual Test Suites, or in your Environment Configuration when replay is enabled. Filters select the subset of traffic to test using key-value pairs on attributes, request headers, and request cookies.
Improvements to Credential Stuffing and Volumetric Attack Detection
Credential stuffing is an attack technique in which attackers take a list of credentials, usually obtained from a data breach or bought on the dark web, and attempt to log in to an unrelated service. It works because many people still reuse the same usernames and passwords across services, so a login stolen from one compromised service often succeeds against a victim service. These attacks typically use bot automation to test a large volume of credentials against the login flow; more sophisticated attackers "drip" login attempts over time to evade bot detection.
Traceable has improved its credential stuffing detection. The detections build behavioral baselines of login attempts for each API endpoint involved in the signup/registration and login flow. By monitoring behavior across successful and failed login attempts, and combining request parameters, status codes, and volumetric thresholds, Traceable identifies and blocks credential stuffing attacks.
We have also improved volumetric attack detection. Spikes in API call counts are detected out of the box by building behavioral baselines of normal call volumes, so that unusual activity is flagged as soon as it occurs.
In both detections, the traffic sources involved are grouped by common characteristics such as IP ASN and Organization, which reduces reliance on individual IP addresses: distributed volumetric attacks often involve thousands of separate IP addresses hiding behind proxies, VPNs, and similar infrastructure.
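The following added Python example (not Traceable's detection code) shows how the two detections described above fit together: a behavioral baseline of per-window counts for each (source, endpoint) pair, with sources keyed by ASN and organization rather than by IP, a volumetric check against that baseline, and a credential stuffing check that additionally requires a high failure rate and a fresh username on nearly every attempt. The log format, the window length, the thresholds, and the sample traffic are all assumptions.

```python
# Added example, not Traceable's detection code. The log format, the window
# length, the thresholds and the sample traffic below are all assumptions.
import re
from collections import defaultdict
from statistics import mean, pstdev

# Assumed line format: <epoch> <src_ip> <ASN> <org> <path> <status> [user=<name>]
LOG_RE = re.compile(r"(?P<ts>\d+) (?P<ip>\S+) (?P<asn>AS\d+) (?P<org>\S+) "
                    r"(?P<path>\S+) (?P<status>\d{3})(?: user=(?P<user>\S+))?")
WINDOW = 60            # seconds per bucket; lengthen it to catch "dripped" attempts
START = 1_700_000_040  # constructed epoch start, aligned to a WINDOW boundary

def parse(line):
    m = LOG_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"unparseable line: {line!r}")
    ev = m.groupdict()
    ev["ts"], ev["status"] = int(ev["ts"]), int(ev["status"])
    return ev

def source_key(ev):
    return (ev["asn"], ev["org"])  # group by network: many IPs, one actor

def per_window(events, predicate=lambda e: True):
    """(source, path) -> {bucket: count of events matching predicate}."""
    counts, buckets = defaultdict(lambda: defaultdict(int)), set()
    for e in events:
        b = e["ts"] // WINDOW
        buckets.add(b)
        if predicate(e):
            counts[(source_key(e), e["path"])][b] += 1
    return counts, sorted(buckets)

def baseline(events, predicate=lambda e: True):
    """Per (source, path): mean and std of per-window counts, zero-filled."""
    counts, buckets = per_window(events, predicate)
    return {k: (mean([c[b] for b in buckets]), pstdev([c[b] for b in buckets]))
            for k, c in counts.items()}

def threshold(key, base, floor, k=3.0):
    mu, sigma = base.get(key, (0.0, 0.0))  # unseen source: no history at all
    return max(mu + k * sigma, floor)       # floor guards zero-variance baselines

def detect_volumetric(events, base, floor=50):
    counts, _ = per_window(events)
    return [(key, n, threshold(key, base, floor)) for key, buckets in counts.items()
            for n in buckets.values() if n > threshold(key, base, floor)]

def detect_credential_stuffing(events, fail_base, login_paths, floor=10):
    stats = defaultdict(lambda: dict(attempts=0, failures=0, users=set(), ips=set()))
    for e in events:
        if e["path"] not in login_paths:
            continue
        s = stats[(source_key(e), e["path"], e["ts"] // WINDOW)]
        s["attempts"] += 1
        s["failures"] += e["status"] == 401
        s["ips"].add(e["ip"])
        if e["user"]:
            s["users"].add(e["user"])
    alerts = []
    for (src, path, _), s in stats.items():
        thr = threshold((src, path), fail_base, floor)
        # Stuffing signature: failures well above this source's own baseline,
        # most attempts failing, and nearly every attempt naming a new user.
        if (s["failures"] > thr and s["failures"] / s["attempts"] >= 0.8
                and len(s["users"]) / s["attempts"] >= 0.8):
            alerts.append(dict(source=src, path=path, attempts=s["attempts"],
                               failures=s["failures"], distinct_users=len(s["users"]),
                               distinct_ips=len(s["ips"]), threshold=thr))
    return alerts

def make_sample_lines():
    """Constructed traffic: ten quiet minutes from a home ISP, then a minute that
    also carries a credential stuffing burst and a volumetric spike."""
    lines = []
    for minute in range(11):
        base = START + minute * WINDOW
        for i in range(3):  # three logins a minute, one of them a typo
            lines.append(f"{base + i * 15} 203.0.113.{i} AS64501 HomeISP /login "
                         f"{401 if i == 0 else 200} user=alice{i}")
        for i in range(10):
            lines.append(f"{base + i * 5} 203.0.113.{i} AS64501 HomeISP /api/items 200")
    attack = START + 10 * WINDOW
    for i in range(40):  # 40 addresses in one hosting ASN trying 40 leaked usernames
        lines.append(f"{attack + i} 198.51.100.{i} AS64502 CloudHost /login "
                     f"{200 if i % 20 == 0 else 401} user=leaked{i}")
    for i in range(200):  # one endpoint flooded from a proxy network
        lines.append(f"{attack + i % WINDOW} 192.0.2.{i % 250} AS64503 ProxyNet /api/items 200")
    return lines

def run_demo():
    events = [parse(line) for line in make_sample_lines()]
    split = START + 10 * WINDOW
    history = [e for e in events if e["ts"] < split]
    current = [e for e in events if e["ts"] >= split]
    fail_base = baseline(history, lambda e: e["status"] == 401)
    return (detect_credential_stuffing(current, fail_base, {"/login"}),
            detect_volumetric(current, baseline(history)))

if __name__ == "__main__":
    print(run_demo())
```

In the constructed traffic the stuffing burst comes from 40 different addresses and never exceeds the volumetric floor, so an IP-count or per-IP rate rule would miss it; keyed by ASN it is a single source with 38 failures against a baseline of about one per minute and a new username on every attempt. The 200-call flood on `/api/items` trips only the volumetric check. The `WINDOW` length is the knob for dripped attempts: a slow attacker who stays under the per-minute floor accumulates above it when the same statistics are kept over a longer window.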
Custom Signature Support for Cloudflare WAF Integration
We have updated our Cloudflare WAF integration to support custom signatures. Custom signatures that you create in Traceable can now be pushed to Cloudflare for out-of-band blocking via the Cloudflare WAF, in addition to the existing IP-based blocking.
About Traceable
Traceable is the industry's leading API Security company, helping organizations achieve API protection in a cloud-first, API-driven world. Traceable is the only contextually informed solution that powers complete API security: API discovery and posture management, API security testing, attack detection and threat hunting, and attack protection wherever your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, visit https://www.traceable.ai/.