Watching the Requests Go By: Reconstructing an API Spec with APIClarity

Published: 2021-10-19

Reconstructing an OpenAPI Specification through Observation APIs are ubiquitous in modern microservice architectures. They make it easy to consume data from external apps and reduce the amount of code developers need to write. The general result is easier delivery of useful software products. However, the prevalence of APIs means they represent a large attack surface. In fact, Gartner predicts that by 2022, API attacks will be the most common attack vector for enterprise web applications. Similarly, an IBM report found that two-thirds of data breaches could be traced to misconfigured APIs. Clearly, enterprises need to take a proactive approach to ensure their use of APIs is secure. Unfortunately, with the complexity of modern apps, third-party code dependencies, and a lack of documentation, API observability is a huge challenge. Often, enterprises simply don't have any API specifications for their production apps. As a result, security-related misconfigurations go undetected, and apps use a variety of deprecated "zombie APIs" and undocumented "shadow APIs" in production.

Read More