Some definitive trends are emerging in the realm of software development and deployment. Many applications are web services, many are moving to the cloud (or are being built there), and more often than not a wide range of APIs are attached to them. This last item is particularly concerning for security professionals because examples abound of APIs that are improperly enabled, exposed, or configured.

It’s easy for engineering and DevOps teams building modern API-enabled applications to deliberately or accidentally expose more than they bargained for, possibly with unfortunate results. Security teams are realizing that API security is more critical than ever and that they need new solutions to help achieve the necessary security.

In this paper, SANS analyst Dave Shackleford independently reviews the Traceable AI platform, which can identify APIs in use, map application flows across services and APIs, track sensitive data noted with API usage, and profile the risks and attacks these APIs and services face. Traceable also identifies attackers and blocks malicious activity. In this review, Dave outlines the platform, presents what he tested, and provides his overall impressions of Traceable’s capabilities.