Bots are lurking in your zombie and shadow APIs

2021-11-18 06:35

Zombie APIs commonly arise when old and less secure versions of your APIs are left to live another day.

For some reason, finding shadow and zombie APIs seems to be a much easier task for bad actors than it is for internal security and risk teams.

Because most organizations have decent protections for their obvious login endpoints and other critical APIs, it's the zombie and shadow APIs that have become the tasty treats that bots feast on.

If you do not have an API security solution in place that finds and protects your shadow APIs, then it is likely that, by the time you discover these kinds of attacks, the bot operator has already moved on to a new shadow API. It is critical today that your API security and bot prevention solutions can adapt as quick as the bots and ensure long-term protection for your entire digital footprint.

While Hollywood suggests that using the six F's-Fight, Flee, Fire, Food, First Aid, and Fix & Repair-is the right plan for surviving a real zombie attack, surviving an attack on your zombie and shadow APIs requires the three Ds: Detect, Discover, and Defend.

Detection starts with bringing all your shadow APIs into the light and ending those zombie APIs for the last time.

News URL

https://www.helpnetsecurity.com/2021/11/18/zombie-and-shadow-apis/

#API #BOT

News URL

Related news