In F5’s The State of Application Strategy in 2021 report, 58% of respondents said they are building a layer of APIs to modernize applications. Increasingly, though, breaches are taking the form of attacks on APIs. By Karthik Krishnaswamy.
This article then describes:
- Introducing the NGINX Controller App Security add‑on for API management
- Distributed API Security in any environment
- Enhanced visibility and analytics
- Flexible and fine-tuned policies
- DevOps friendly API security
The NGINX Controller API Management Module provides a variety of mechanisms to protect your APIs, including rate limiting, authentication and authorization. With Controller App Security, you now can now deploy a web application firewall (WAF) to protect your APIs across a multi‑cloud, distributed environment.
Built on F5’s proven security expertise, Controller App Security provides out-of-the-box protection against OWASP API Security Top 10 vulnerabilities, as well as common vulnerabilities like SQL injection and remote command execution (RCE). The add‑on checks for malformed cookies, JSON, and XML, and also validates allowed file types and response status codes. It ensures compliance with HTTP RFCs and detects evasion techniques used to mask attacks. How interesting!
[Read More]