
Four best-practices for introducing new application security standards to secure APIs

This article is the second in a three-part series focused on application security in the API-first era. The articles summarize a three-part executive series in which leading global security and technology executives discussed how their organizations are adjusting their security practices for the API-first era.

The first article in the series highlighted the business perspective and the importance of integrating the broader business context within the security strategy. This article moves on to the organizational perspective, focusing on best practices for introducing new application security standards to secure APIs. It also discusses how appsec programs should be restructured to enable greater visibility and control.  

The article is based on the valuable insights shared by Darren Shelcusky, Manager Vehicle and Mobility Cybersecurity at Ford. However, the lessons learned go well beyond the automotive industry: today every company is a technology company, so the lessons you read here can be applied to enterprises in almost every vertical in the global market.

Modern enterprises face significant challenges when it comes to establishing new organizational processes, in light of the expanded cybersecurity landscape of the API-first era. While these challenges may be impossible to solve completely, enterprises must strive to overcome them — or at least get a handle on them — to the greatest extent possible. 

Software is eating the world, APIs are eating software, and attackers are eating APIs 

New levels of connectivity have expanded the customer experience beyond the product itself. Customer experience now extends to the software features that are streamed into the product post-purchase, both by the brand and by 3rd party partners. Consumers now expect, as the norm, to be able to integrate different software from different devices into a product.

Many products now leverage APIs as a gateway to delivering new software — features, capabilities, and upgrades — into the product itself. This software can provide anything from weather and traffic updates to security enhancements and 3rd party games.  

This new reality means that brands are contending with new issues like software supply chains, SDKs, and open-source software, and must rethink their security approach towards an open perimeter that enables interaction with external actors. This transition requires that products delivered to the consumer accommodate augmented features and services delivered via APIs.

*** This is a Security Bloggers Network syndicated blog from Imvision Blog authored by Omer Primor. Read the original post at: https://blog.imvision.ai/four-best-practices-for-introducing-new-application-security-standards-to-secure-apis