BOS Founder and CEO Sashank Purighalla was recently interviewed by CMSwire about API security.
Here are a couple of highlights:
APIs provide a way for hackers to access data because “developers are not natively trained to think about security. The advent of newer efficiency-focused development tools do not take a systemic view and cause developers to become that much more silo focused,” says Sashank Purighalla, Founder and CEO of cloud engineering and cybersecurity company, BOS Framework.
Purighalla points out that system-focused hackers “are intentionally looking for those gaps that exist in-between systems. And it is in-between places that vulnerabilities exist.”
Also:
Many APIs are easily discoverable, and that is music to the ears of hackers. To control the number of API requests and who receives access you should “gate your API documentation behind authorization credentials,” recommends Purighalla.
Purighalla also suggests avoiding making APIs too user-friendly. Hackers frequently impersonate users and use descriptive error messages to peek under the hood. At times, saying that an account wasn’t found instead of pointing out, there was an incorrect password can prevent a hacker from gaining too much useful information.
BOS is a cloud engineering automation platform that helps you increase your security, modernize your legacy systems, and integrate disparate products while reducing your cloud infrastructure overhead and maintenance.
