It is hard to protect what you cannot see. Organizations are often unaware of all their assets, including APIs. They prepare to have their Internet-exposed applications assessed during pentests but first have to go through the drill of taking inventory of all the applications. The same is true of all external assets: companies do not always know what they have exposed, which makes assessing and securing those assets difficult. Phillip Wylie discusses how to integrate APIs into External Attack Surface Management (EASM) to improve the security posture of external-facing APIs.
Detailed Outline:
- Defining Attack Surface Management (ASM)
- Why Prioritize External Attack Surface Management (EASM)?
- Discovering Attack Surface
- API Pentesting & Tools
- Addressing Gaps EASM