API Security Need to Know: Avoiding the Top 5 API Authentication Pitfalls

Published with permission from author Subbu Iyer, VP of Product Management, Cequence Security

Introduction

The recent rash of API security incidents (Peloton, Experian, Clubhouse, etc.) has no doubt forced many security and development teams to take a closer look at their API security posture to ensure they are not the next headline. Creating an inventory of all APIs exposed to external audiences is the most common starting point for organizations putting together or re-evaluating their API security program. With this inventory in place, the next step is to evaluate each exposed API for potential security risks, such as weak authentication or exposure of sensitive data in cleartext.