Enhancing Security with Cloud-based API Management: Best Practices and Implementation

School of Science | Master's thesis

Date

2024-07-31

Major/Subject

Security and Cloud Computing

Mcode

SCI3113

Degree programme

Master’s Programme in Security and Cloud Computing (SECCLO)

Language

en

Pages

73+4

Abstract

In the context of digital transformation, Application Programming Interfaces (APIs) have become fundamental to software integration and interaction. Despite their numerous advantages, APIs present significant security challenges. This thesis therefore focuses on the Azure platform to establish a robust API management (APIM) system that addresses security vulnerabilities by implementing best practices. The study begins by identifying common security threats specific to APIs, followed by an evaluation of security practices against these threats. Threat modeling is also conducted to systematically identify and categorize potential security threats within the existing External APIM architecture. To mitigate the identified vulnerabilities, a series of enhanced security practices is proposed and implemented, such as strict CORS policies, rate limiting at both the API Gateway and Application Gateway levels, and the integration of a Web Application Firewall (WAF). The implementation of these security practices for the External APIM is validated through a detailed analysis of their effectiveness: more than 32,000 malicious requests are blocked, almost 230,000 false-positive requests are handled, and two malicious IP addresses are detected. The results thus indicate a significant improvement in the security posture of the company's APIM system. The findings underscore the importance of adopting a centralized approach to API security, which can be crucial for organizations looking to protect their digital assets and maintain trust with their users in an increasingly interconnected world.
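As an added example (not taken from the thesis, and not the company's configuration), the fragment below is an Azure API Management inbound policy that applies the two API Gateway-level controls the abstract names: a strict CORS policy that lists an explicit origin instead of the wildcard, and per-client rate limiting keyed on the caller's IP address. The origin, methods, headers and limit values are assumptions chosen for illustration.

```xml
<!-- Added example: Azure API Management policy XML.
     Not the thesis's own configuration; the origin, methods and limits
     below are assumed values for illustration. -->
<policies>
    <inbound>
        <base />

        <!-- Weak setting, shown for contrast (the permissive variant):
             <cors>
                 <allowed-origins><origin>*</origin></allowed-origins>
             </cors>
             A wildcard origin lets any web site call the API from a browser. -->

        <!-- Strict CORS: only the named front-end origin, a short list of
             methods and headers, no credentials, and a bounded preflight cache. -->
        <cors allow-credentials="false">
            <allowed-origins>
                <origin>https://app.example.com</origin>
            </allowed-origins>
            <allowed-methods preflight-result-max-age="300">
                <method>GET</method>
                <method>POST</method>
            </allowed-methods>
            <allowed-headers>
                <header>Content-Type</header>
                <header>Authorization</header>
            </allowed-headers>
        </cors>

        <!-- Rate limiting at the API Gateway: at most 100 calls per client IP
             in each 60-second window; excess calls are rejected with HTTP 429
             and a Retry-After header. -->
        <rate-limit-by-key calls="100"
                           renewal-period="60"
                           counter-key="@(context.Request.IpAddress)"
                           retry-after-header-name="Retry-After" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The second layer the abstract describes, the Application Gateway with its Web Application Firewall and its own rate-limit rules, is configured on the Application Gateway resource rather than in this policy; the gateway-level limit above is the inner check that still applies to whatever the WAF lets through. When validating such a setup, compare the counts of 429 responses and WAF blocks against known legitimate traffic, since the abstract's figure of almost 230,000 false-positive requests shows how much tuning the WAF layer can need.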

Supervisor

Aura, Tuomas

Thesis advisor

Wang, Changjie
Konovalova, Aleksandra

Keywords

API security, API management, Web application firewall, vulnerability, threat modeling, cybersecurity
