API Discovery
Aimed to assist the security teams to control APIs and discover potential excessive data exposure. It generates a dynamic API endpoints catalogs
API-WAF Module
The API-WAF module protects from malicious content-based (“classical”) applicative attacks, as appears in the “OWASP top 10” – APIs and Applications security lists. Performing in real-time, it conducts full deep packet inspection (DPI), followed by an intensive AI analysis for each request (API endpoint) argument value and server reply content, which can catch advanced attack vectors generated by AI tools, making it the ultimate first line of API protection at the era of AI attacks.
API-BOT Module
The API-BOT module protects API endpoints from bot attacks, as listed in the “Automated Threats to Web Applications” list, aka “OWASP Top 20”. It performs real-time deep packet inspection (DPI), followed by near real-time AI analysis of the API(s) traffic – content, context, and metadata, applying relevant bot activity measurements along multiple time scales, enabling to catch the slowest bots that can operate for days. ammune™ API-Bot module can detect advanced bot attack tactics generated by AI tools. These capabilities are making it the ultimate first line of API protection from bot attacks in the era of AI attacks.
API-DDoS Module
The API-DDoS module protects from applicative DDoS attacks tailored against specific API endpoint(s). Such attacks may use camouflage techniques, such as rotating source IPs, and request content randomization while using optimization AI-based algorithms to decide on the next wave of attack tactics. ammune™ API-DDoS module performs real-time deep packet inspection (DPI), followed by AI analysis that uses specific DDoS measurements alongside general bot measurements at the endpoint level. It can catch multi-vector DDoS attacks at scales of even 100 DDoS vectors simultaneously. These capabilities are making it the ultimate first line of API protection from bot attacks at the era of AI attacks.
API-BL Module
The API-BL module protects APIs from Business Logic (BL) attacks, leading to forbidden data or functionality access or abused business processes and fraud. As some of these attacks are listed in the “OWASP Top 10 – API security list “ few more attack types were added by us. ammune™ performs in-session traffic analysis to identify these attack patterns in real-time, involving session as well as historical data points. It completes the first line of protection together with the API-WAF module.