Finding API

Started in March 2024

APIs, both inside the network and Internet-facing, may carry sensitive data, which makes them a popular target for cybercriminals. The security of both internal and Internet-facing APIs therefore needs to be enhanced. To do that, all the APIs need to be known, which is not always the case at large organisations.

https://pcsi.nl/uploads/projects/Finding-api.png

Project proposal 

This project intends to develop a platform to automatically find APIs in the network and store the main characteristics for each API such as: 

  • Which protocols does it use 

  • What exposure does it have 

  • Is it a custom-built API, an out-of-the-box API, or a mix

  • The layers (e.g. network layer, application layer) on which the API operates 

Alongside the API data collection, we plan to work closely with our partners to develop a risk model that can tell us how sensitive each API is in terms of Confidentiality, Availability and Integrity.

Expected benefits of the Finding API project 

The PCSI partners will gain increased insight into which APIs are in use and what the characteristics of those APIs are, so they can take appropriate security measures for each API, thereby increasing their resilience level.

Why do we want to work on this idea within the PCSI? 

All partners experience the same issue on this topic and current market solutions do not fulfill their needs. Collaboratively, the individual partners can produce an innovative solution much more effectively. 

Our use-case:  

Insufficient insight into which APIs are in use, and no clear overview of which APIs are most sensitive.

Project results 

Activities in Explore phase 

State of the art in automatically locating APIs in IT infrastructure. Establish what already exists (to avoid reinventing the wheel) and what remains unexplored:

  • Investigate existing Frameworks 

  • Research best practices 

  • Test existing tools and methods 

  • Understand the needs of the industry 

  • Propose a novel approach for API discovery 

Activities in PoC phase 

Test a novel approach at API discovery: 

  • Gather relevant data and use cases. 

  • Develop a new method of API discovery using Artificial Intelligence. 

  • Combine the automatic discovery process with human expertise. 

Activities in Pilot phase 

Improve the API discovery tool: 

  • Further develop the AI model for API information extraction.

  • Collaborate with experts to develop a risk model based on the extracted information.

  • Improve integration within existing pipelines. 

PCSI is a collaboration of ABN-AMRO, Achmea, ASML, Belastingdienst, ING and TNO.