Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Comprehensive API and SOA Security

advertisement 
Axway API Gateway Solutions
Comprehensive API and SOA Security
Protect and Monitor Your APIs and SOA Ser vices with Axway API Gateway
Axway API Gateway and the Axway
API Management Solution Pack
protect all types of APIs and SOA
services at the interface, access
and data level.
As organizations expose more enterprise APIs and SOA services that handle sensitive
data and business-critical functions, security and access control have become
must-have capabilities. Protecting the business means protecting against the kind of
attacks and security breaches that can result in brand damage, loss of revenue and
compliance penalties.
With Axway API Gateway and the Axway API Management Solution Pack, organizations
can protect APIs (including REST-style APIs) and SOA services at all levels: interface,
access, and data. Comprehensive API security and out-of-the-box identity management
integrations deflect attacks against, control access to, and secure the data transmitted
by APIs and SOA services. Complete auditing, monitoring, logging and reporting
capabilities also help enterprises meet the most stringent compliance mandates.
Protect APIs against both enemy and friendly fire
Cloud and mobile computing have greatly increased the usage of APIs not only in terms
of traffic volume, but also in terms of the number of different API clients in use,
some of which are poorly engineered. A popular but misbehaving client repeatedly
sending requests can cause as much damage as a malicious distributed denial-ofservice attack.
Serving as the policy enforcement point (PEP) that authenticates, authorizes and
audits API access, Axway API Gateway protects APIs from malicious attacks as well as
potential “friendly fire” by monitoring API call volume and client behaviors. Clients that
exhibit disruptive behaviors, such as denial-of service attacks or cross-site scripting,
can be blocked or throttled.
Axway API Gateway is a nextgeneration technology that enables
enterprises to standardize the
API development and delivery
capabilities required to provide
business services via cloud, mobile
and partner channels. Encapsulating
application gateway, cloud service
broker and identity middleware
functionality in a unified platform, it
provides an agile API environment
that leverages existing back-end
applications, services and data to
help speed time-to-market for new
business services.
Axway API Management
Solution Pack is a dedicated API
management solution that works
with Axway API Gateway to simplify
all aspects of publishing, promoting
and managing APIs in a secure,
scalable environment.
w w w. a x way. c o m
1
Axway API Gateway Solutions
Together, Axway API Gateway and
API Management Solution Pack
provide:
ƒƒ Protection against attacks
ƒƒ Authentication, including multifactor and contextual
Enforce message-level security across all API and SOA web
service traffic
Unlike network and web application firewalls, Axway API Gateway detects and prevents
message-level threats across all API and SOA traffic, including cloud, web, mobile and
B2B channels.
ƒƒ Authorization, including finegrained and contextual
ƒƒ Messages are scanned at the protocol header, SOAP header, XML and attachment
levels.
ƒƒ Integration with identity
management platforms
ƒƒ REST API methods (GET, PUT, DELETE, POST, etc.) can be selectively restricted to
ensure that inappropriate method usage is detected and blocked.
ƒƒ Federation (OAuth, SAML)
ƒƒ Payloads and attachments are scanned for harmful content, JSON/REST schema
validation and enforcement of schema usage policies.
ƒƒ Data monitoring, redaction,
encryption and signing
Out-of-the-box integration with
leading identity management
platforms
Axway API Gateway integrates
with CA, IBM, Oracle and other
identity management platforms,
and provides enhanced capabilities
including identity federation, cloud
single sign-on, OAuth support,
and client- and application-based
authentication.
In addition, Axway API Management
Solution Pack enables secure
administration and storage of all
forms of API and SOA security
artifacts such as tokens, keys and
certificates.
ƒƒ Out-of-the-box integration with CLAM AV, McAfee, and Sophos detects and prevents
common attacks against APIs, including:
∙∙ Denial of service attacks
∙∙ Command injection attacks
∙∙ Malicious code and viruses
∙∙ Sniffing
∙∙ Spoofing, tampering, and impersonation
∙∙ Data harvesting
∙∙ Privilege escalation
∙∙ Reconnaissance
Secure REST APIs with enterprise-strength protection and
integrations
Especially suitable for mobile applications, REST (Representational State Transfer)-style
(“RESTful”) APIs are quickly gaining popularity among developers and architects. While
REST is lightweight and easy to implement, it is a pattern and not a standard, which
has made it more difficult to secure in enterprise environments. For example, most
REST APIs are accessible only by authorized clients. Axway API Gateway authenticates
and authorizes REST API requests, making it just as easy to implement enterprisestrength protection and integration for REST APIs as it is for SOAP and other APIs.
Use OAuth and SAML for identity federation
Consumer users often prefer to use their existing credentials from Google, Facebook,
Twitter or other third-party identity providers to log in to an application. This capability
is usually implemented using the OAuth standard, and more specifically the threelegged OAuth pattern. Axway API Gateway provides comprehensive OAuth support to
help API developers incorporate OAuth client, resource server, and authorization-server
capabilities into REST APIs.
2
w w w. a x way. c o m
Axway API Gateway Solutions
SAML (Security Assertion Mark-up Language) is more popular with enterprise
federation scenarios. Axway API Gateway supports OAuth, SAML, XACML, X.509,
Kerberos, OpenID and other popular authentication and authorization standards.
Other Axway API Gateway Solutions
include:
ƒƒ API Identity and Access
Federation
Protect SOA services with access control and identity
management
ƒƒ Application Services Governance
While SOA web services are supported by a comprehensive set of security standards
(SAML, WS-Security, WS-Trust, WS-Federation, WS-I and WS-Secured Conversation) the
task of implementing them “by the book” is daunting for developers. This leaves most
SOA services without sufficient access control.
Axway API Gateway provides out-of-the-box access control capabilities for SOA services,
including authentication, authorization, audit, trust relationship management and
identity federation. These capabilities are in addition to the basic security capabilities
such as transport security, encryption and signing.
ƒƒ Bring Your Own Device (BYOD)
ƒƒ Cloud API and Service Brokering
ƒƒ Cloud Data Security
ƒƒ Cloud Identity Service
ƒƒ Cloud Single Sign-On
ƒƒ Fine-Grained Authorization
ƒƒ Mobile API
ƒƒ SharePoint Gateway
For More Information, visit www.axway.com
Copyright © Axway 2015. All rights reser ved.
w w w. a x way. c o m
3
SB _COMPREHENSIVE_API_SOA_SECURITY_EN_AXW_020615
Related documents
SMS API - Nandimobile
SMS API - Nandimobile
API Standard 530
API Standard 530
Espresso Logic Overview
Espresso Logic Overview
Usage of the memoQ web service API by LSP
Usage of the memoQ web service API by LSP
computerappsenterprise_lectures45
computerappsenterprise_lectures45
About Active.com
About Active.com
User Interface Principles in API Design
User Interface Principles in API Design
digital business integration automotive industry
digital business integration automotive industry
Download
advertisement