API Inspect

API Inspect is a continuous automated security service that finds potential vulnerabilities in the authentication and encryption layers of Internet-facing APIs based on their respective definitions and API specification. These APIs are inspected on a continuous basis by the Data Theorem Analyzer Engine. This service provides a policy-based alerting system to help protect customers when problems arise due to changes in an API’s functional operation that differs from its API specification.

If there are other cloud services like Amazon S3 buckets that lose critical security protections like authentication, this service notifies customers of potential security issues. Lastly, the service can generate security tasks with recommended changes for developers to remedy the respective API security problems.

The API Inspect service:
  • Verifies the operating health of authentication controls
  • Analyzes the encryption controls and active versions of SSL/TLS
  • Provides insights on certificate transparency (CT logs) issues
  • Continuously verifies Open API 3.0 specification and real-time operation
  • Alerts based on policy violations and security flaws
  • Creates security tasks to remedy vulnerabilities and privacy problems
  • Integrates with Bug Tracking Systems e.g. JIRA, Bugzilla, etc.

Customers that utilize 3rd party or cloud-native API gateways can utilize this service to conduct additional cross-checks on the expected operations of their known APIs. With API gateway cross-checking, the service inspects potential misconfigurations that can occur on the gateways. Customers that utilize App Secure for mobile app security are automatically enrolled in the API Inspect service to deliver a deeper level of security analysis on their mobile-centric API services.

Ready for a closer look?

Keeping Mobile Unified Communications Secure

Data Theorem helped RingCentral identify and close 30 security issues and remove 27 harmful third-party libraries, all before releasing them to the public app stores.