
How to achieve API security hardening in the context of digital transformation?

2021-06-23 21:25:11 hanniuniu12

  
Over the past year, because of COVID-19, enterprises have been forced into telecommuting on an unprecedented scale and have tried new ways of using technology to serve customers. Statistics show that the number of enterprises carrying out modernization has increased by 133% compared with 2020. There are many ways to modernize applications, and enabling modern interfaces through APIs is undoubtedly a cost-effective one. With the surge in APIs, how to achieve API security hardening has become a focus for enterprises. So today we will talk about the API gateway security hardening architecture and the F5 API hardening solution.

API gateway security hardening architecture

From an attack perspective, the security hardening architecture of an API gateway is similar to that of a traditional application and is divided into the network layer, the delivery and transport layer, and the application layer. At the application layer, the API gateway security hardening architecture focuses on two kinds of attack: bot attacks and vulnerability attacks.
  

Bot attacks: Bots (BOT) now account for 50% of activity on the Internet. Bots can simulate normal business requests to access a system, so that the API gateway's resources are consumed by meaningless requests. When a large number of bots simulate normal business access to the API gateway, this kind of application-layer DDoS attack imposes a huge performance overhead on the gateway and leaves the API gateway system unavailable. So a WAF-type product needs to be deployed at the application layer to identify and defend against bot attacks and reduce the threat they pose to the API gateway.

Vulnerability attacks: In addition to defending against bot attacks, the WAF also needs to identify attacks on vulnerabilities in the application system, such as injection attacks, cross-site attacks, and scanning and probing attacks. While handling these attacks, the WAF needs to inspect API content and find attack code embedded in the API payload. The WAF deployed in front of the API gateway needs to be programmable, so that defenses against zero-day attacks can be put in place quickly.

Advanced WAF (API Security - new generation WAF) advanced application layer protection module

The F5 API hardening solution mainly involves: AFM, the advanced firewall module; LTM, the load balancing module; SSLO, the encrypted and decrypted traffic orchestration module; Advanced WAF (API Security - new generation WAF), the advanced application layer protection module; APM, the authentication and authorization policy management module; and HSL, the high-speed logging engine. This article covers the application-layer protection provided by Advanced WAF (API Security - new generation WAF).
 

To protect APIs, you first need to understand the data and the structure of the API application. F5 Advanced WAF (API Security - new generation WAF) supports importing OpenAPI and Swagger files, automatically generates path policies from the imported file, and provides different depths of protection for different API paths. The wizard-based configuration greatly improves the convenience of deploying protection.
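As an added illustration of the idea of deriving per-path policy from an OpenAPI file (this is not F5's code or configuration format), the sketch below builds an allowlist from a constructed spec and checks requests against it. The names `build_policy` and `check`, the sample spec, and the rule that operations with a request body get "deep" inspection are all assumptions made for the example.

```python
import re

# Constructed OpenAPI 3 fragment (sample input, not taken from the article).
SPEC = {"paths": {
    "/orders": {
        "get": {"parameters": [
            {"name": "limit", "in": "query", "schema": {"type": "integer"}}]},
        "post": {"requestBody": {"content": {"application/json": {}}}},
    },
    "/orders/{orderId}": {
        "get": {"parameters": [
            {"name": "orderId", "in": "path", "schema": {"type": "integer"}}]},
    },
}}

METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def value_re(param):
    """Regex for one parameter value, derived from its declared schema type."""
    return r"\d+" if param.get("schema", {}).get("type") == "integer" else r"[^/]+"

def build_policy(spec):
    """Turn every path/method in the spec into one allowlist rule."""
    rules = []
    for template, item in spec["paths"].items():
        for method, op in item.items():
            if method not in METHODS:
                continue
            params = op.get("parameters", [])
            in_path = {p["name"]: value_re(p) for p in params if p["in"] == "path"}
            parts = re.split(r"\{(\w+)\}", template)  # literal, name, literal, ...
            pattern = "".join(in_path.get(s, r"[^/]+") if i % 2 else re.escape(s)
                              for i, s in enumerate(parts))
            rules.append({
                "method": method.upper(), "path": re.compile(pattern),
                "query": {p["name"]: value_re(p) for p in params if p["in"] == "query"},
                # Assumption: operations that accept a request body get deeper inspection.
                "depth": "deep" if "requestBody" in op else "standard"})
    return rules

def check(rules, method, path, query=None):
    """Return (verdict, detail); requests the spec does not describe are blocked."""
    for rule in rules:
        if rule["method"] == method and rule["path"].fullmatch(path):
            for name, value in (query or {}).items():  # "(?!)" never matches: unknown name
                if not re.fullmatch(rule["query"].get(name, r"(?!)"), value):
                    return ("block", "bad parameter " + name)
            return ("allow", rule["depth"])
    return ("block", "not in spec")
```

Because the policy is derived from the spec, an undocumented method, path, or parameter is rejected by default rather than relying on a signature to catch it.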

Bot defense: Bot protection is based on multiple dimensions, and a bot signature library is used to quickly block malicious bot attacks. For API interfaces, Advanced WAF (API Security - new generation WAF) uses the X-Security-Update-URL header to insert a JavaScript script into the first response message returned by the API application, and then uses X-Security-Request to judge the legitimacy of the API access request. Throughout the API access, Advanced WAF (API Security - new generation WAF) continues to check the API interaction at intermediate steps, to make sure bots cannot bypass detection, so that the API gateway is not affected by bot attacks.
  

Application-layer DDoS attack protection: API DDoS attacks usually simulate the normal API access process and attack by consuming the API gateway's high-performance resources, with the aim of bringing the API gateway down and interrupting the business. The Advanced WAF (API Security - new generation WAF) protection module can detect API DDoS attacks across multiple dimensions and uses JavaScript to effectively control the frequency of API access, reducing the impact of DDoS attacks. At the same time, Advanced WAF (API Security - new generation WAF) also uses the latency of the API gateway's responses to judge whether the gateway is behaving abnormally and whether there is an attack in the network. When the latency of the API gateway's responses is higher than the set threshold, the Advanced WAF (API Security - new generation WAF) module actively intervenes with active traffic detection and attack protection.
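The latency-threshold trigger described above can be sketched as follows. This is an added example, not F5's implementation: the class `LatencyGuard`, its default values, the use of a median over a sliding window, and the per-client request cap are assumptions chosen for illustration, and the event list is constructed.

```python
from collections import defaultdict, deque
from statistics import median

class LatencyGuard:
    """Enforce a per-client rate cap only while gateway latency is above a threshold."""

    def __init__(self, threshold_ms=500, window=5, max_per_sec=3):
        self.threshold_ms = threshold_ms
        self.latencies = deque(maxlen=window)  # most recent gateway response times
        self.max_per_sec = max_per_sec
        self.hits = defaultdict(deque)         # client -> request times in the last second

    def under_stress(self):
        # Wait for a full window so one slow response cannot trigger mitigation.
        full = len(self.latencies) == self.latencies.maxlen
        return full and median(self.latencies) > self.threshold_ms

    def observe(self, client, ts, latency_ms):
        """Record one request and return 'pass' or 'throttle' for that client."""
        self.latencies.append(latency_ms)
        recent = self.hits[client]
        recent.append(ts)
        while ts - recent[0] >= 1.0:           # drop requests older than one second
            recent.popleft()
        if self.under_stress() and len(recent) > self.max_per_sec:
            return "throttle"
        return "pass"

# Constructed sample: (client, timestamp in seconds, gateway latency in ms).
EVENTS = [
    ("10.0.0.5", 0.00, 80),
    ("10.0.0.9", 0.10, 90),
    ("10.0.0.9", 0.20, 700),
    ("10.0.0.9", 0.30, 900),
    ("10.0.0.9", 0.40, 950),
    ("10.0.0.5", 0.50, 980),
    ("10.0.0.9", 0.60, 990),
]

def replay(events):
    """Run the events through a fresh guard and return the verdict for each."""
    guard = LatencyGuard()
    return [guard.observe(*event) for event in events]
```

The busy client is throttled only once the latency window shows the gateway is degraded, while the low-rate client keeps passing throughout.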
 

Advanced WAF (API Security - new generation WAF) application layer protection offers more than these two functions. It can also provide protocol content checking, access restrictions, scan blocking, brute-force protection, support for masking custom data, IP address reputation protection, and flexible invocation of protection policies for new API interfaces.

The popularity of API technology has a significant impact on application security and delivery technology. APIs are vulnerable to attack because, by definition, they expose application logic and sensitive data to other applications or third parties. The F5 Advanced WAF (API Security - new generation WAF) product has an AS3 module: security operations staff can classify API applications and template defense policies by type, and during development an API application can use the AS3 module to automatically call the relevant defense policy template on Advanced WAF (API Security - new generation WAF), so that security deployment proceeds in parallel with efficient business release.
  

Copyright notice
This article was created by [hanniuniu12]. Please include the original link when reposting. Thank you.
https://chowdera.com/2021/06/20210623212439815A.html