Finding API

Started in March 2024

Through API’s (both inside the network and Internet facing API’s), sensitive data may be communicated, which logically makes them a popular target for cybercriminals. Therefore the security of APIs needs to be enhanced, both APIs internally in the IT infrastructure and APIs that are Internet faced. In order to do that, all the APIs need to be known, which is not always the case at large organisations.

https://pcsi.nl/uploads/projects/Finding-api.png

Project proposal

This project intends to develop a methodology to automatically find APIs in the network and store the main characteristics for each API such as:

  • Which protocols does it use
  • What exposure does it have
  • Is it an API that is Custom built or an API Out of the Box, or a mix
  • The layers (e.g. network layer, application layer) on which the API operates

Expected benefits of the Finding API project

The PCSI partners will have increased insight in which APIs are in use and what the characteristics are of those APIs, so they can take appropriate security measures for each API, thereby increasing their resilience level.

Why do we want to work on this idea within the PCSI?

All partner experience the same issue on this topic and current market solutions do not fulfill their needs. Collaboratively, the individual partners can come up with an innovative solution much more effectively.

Our use-case:

Insufficient insight in which APIs are in use.

Project results

Activities in Explore phase

State of the Art in automatically locating APIs in IT infrastructure. What is out there in the world (not re-invent the wheel):

  • Frameworks
  • Best Practices
  • Tools
  • Studies

This project is part of the trend

47 Threat May 2024

API security is becoming more important

Beeldmerk PCSI
PCSI is een samenwerking van
    ABN-AMRO Achmea ASML Belastingdienst ING TNO