Finding API

Started in March 2024

Through API’s (both inside the network and Internet facing API’s), sensitive data may be communicated, which logically makes them a popular target for cybercriminals. Therefore the security of APIs needs to be enhanced, both APIs internally in the IT infrastructure and APIs that are Internet faced. In order to do that, all the APIs need to be known, which is not always the case at large organisations.

https://pcsi.nl/uploads/projects/Finding-api.png

Project proposal

This project intends to develop a methodology to automatically find APIs in the network and store the main characteristics for each API such as:

  • Which protocols does it use
  • What exposure does it have
  • Is it an API that is Custom built or an API Out of the Box, or a mix
  • The layers (e.g. network layer, application layer) on which the API operates

Expected benefits of the Finding API project

The PCSI partners will have increased insight in which APIs are in use and what the characteristics are of those APIs, so they can take appropriate security measures for each API, thereby increasing their resilience level.

Why do we want to work on this idea within the PCSI?

All partner experience the same issue on this topic and current market solutions do not fulfill their needs. Collaboratively, the individual partners can come up with an innovative solution much more effectively.

Our use-case:

Insufficient insight in which APIs are in use.

Project results

Activities in Explore phase

State of the Art in automatically locating APIs in IT infrastructure. What is out there in the world (not re-invent the wheel):

  • Frameworks
  • Best Practices
  • Tools
  • Studies

This project is part of the trend

47 Threat May 2024

API security is becoming more important

APIs are increasingly used as they offer programmers and application developers programmable communication interfaces with (parts of) software and services elsewhere. However, through these interfaces, sensitive data or certain parts of an application may be communicated, which logically makes them a popular target for cybercriminals. In addition, many APIs can be accessed from the Internet and can be exploited remotely by an attacker with technical knowledge.
Beeldmerk PCSI
PCSI is a collaboration of
    ABN-AMRO Achmea ASML Belastingdienst ING TNO