Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Secure OWASP API Top 10 with F5 products | Start here

Kin
F5 Employee
F5 Employee

‎20-Nov-2022 18:00 - edited ‎18-Sep-2023 18:30

What is API

Application programming interfaces (APIs) are software components that provide a contract for client devices to interact with the server-side of an application. For example, a client can use APIs to send a GET request to retrieve data from a server. The server processes the request according to pre-defined functions and responds to the client with the application data. This differs from traditional web application requests where clients communicate with servers through web browsers and servers respond with HTML web pages. 

Kin_0-1667956730931.png

API security requires its own set of security strategies

Each API request (GET /userinfo, DELETE /userId/item and so on) that provides functionality for users exposes API endpoints that have become a target for attackers. As an application grows and becomes more complex, the number of API endpoints increase and so does the attack surface of the application. Compared to traditional web application where the client's main responsibility is to render the web page, API applications can rely more on the client side such as to maintain session state. In addition to that, APIs by nature exposes application logic and sensitive data. As a result, vulnerabilities due to API security are different from what you have in the OWASP top 10 for web applications (2021). API security vulnerabilities have their own unique details and require their own set of security strategies and solutions; therefore, that group of vulnerabilities has its own: OWASP top 10 for API security (2023)

Secure your APIs with F5 products

The responsibility of securing your APIs does not fall solely on application code on the client and server systems. F5 products are strategically positioned in this line of (client-sever) communication as they can see parameters in the API requests, orchestrate data flow, and understand the business logic of the application. The range of BIG-IP modules (Advanced WAF, BIG-IP APM, BIG-IP LTM), NGINX and F5 Distributed Cloud products provide you with granular control to implement specific API protections (such as content validation, access control, rate limiting, and so on) that you need to protect against the OWASP API security Top 10 (2023).

To find out more on to protect how your APIs with F5's range of BIG-IP, NGINX and F5 Distributed Cloud products, refer to one of the following chapters that you're most interested in:

Labels:
Version history
Last update:
‎18-Sep-2023 18:30
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC