Enhancing Security with Cloud-based API Management: Best Practices and Implementation
Perustieteiden korkeakoulu (School of Science)
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for your own personal use. Commercial use is prohibited.
Date
2024-07-31
Major/Subject
Security and Cloud Computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
73+4
Abstract
In the context of digital transformation, Application Programming Interfaces (APIs) have become fundamental to software integration and interaction. Despite their numerous advantages, APIs present significant security challenges. This thesis therefore focuses on the Azure platform to establish a robust API management (APIM) system that addresses security vulnerabilities by implementing best practices. The study begins by identifying common security threats specific to APIs, followed by an evaluation of security practices against these threats. Threat modeling is also conducted to systematically identify and categorize potential security threats within the existing External APIM architecture. To mitigate the identified vulnerabilities, a series of enhanced security practices is proposed and implemented, such as strict CORS policies, rate limiting at both the API Gateway and Application Gateway levels, and the integration of a Web Application Firewall. The implementation of these security practices for the External APIM is validated through a detailed analysis of their effectiveness: more than 32,000 malicious requests are blocked, almost 230,000 false-positive requests are handled, and two malicious IP addresses are detected. The results thus indicate a significant improvement in the security posture of the company's APIM system. The findings underscore the importance of adopting a centralized approach to API security, which can be crucial for organizations seeking to protect their digital assets and maintain trust with their users in an increasingly interconnected world.
Supervisor
Aura, Tuomas
Thesis advisor
Wang, Changjie
Konovalova, Aleksandra
Keywords
API security, API management, Web application firewall, vulnerability, threat modeling, cybersecurity