Meet the new features of the ProAPI Structure product from the Webmonitorex team

Sensitivity Setting

One of the key innovations is the ability to configure sensitivity, that is, to set the number of requests per time interval at which an endpoint will be displayed in the constructed API structure. More information about setting sensitivity can be found in the documentation.

How does it work?

Sensitivity settings are configured for each application separately. In the appropriate section, you must specify numerical values for the number of requests and the time interval.

The default settings are 5 requests per 300 seconds, which is necessary to ensure endpoint stability. However, you can configure a minimum value of 1 request and a time interval of 0 seconds, which gives you complete freedom to control these parameters.

Examples:

  • If you set the sensitivity to 5 requests per 300 seconds, you could have, for example, 89 routes.

The examples show how changing the sensitivity affects the number of routes displayed. Lower threshold values (fewer requests per interval) bring less actively used endpoints into account, which increases the total number of endpoints in the API structure. At the same time, these endpoints may turn out to be “garbage” or superfluous, cluttering the structure with unnecessary data. On the other hand, if the threshold is set too high, you can lose important endpoints that are rarely used but still play a key role.
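A small model of this threshold, as an added example that is not Webmonitorex code: it assumes a route is displayed once at least `requests` hits fall inside any window of `interval` seconds, which is an assumption about the behaviour and not the product's documented algorithm. The routes and timestamps are constructed.

```python
from collections import defaultdict

# Constructed sample traffic: (unix_time_seconds, method, route). Not real data.
SAMPLE_TRAFFIC = [
    (0, "GET", "/api/v1/users"),
    (20, "GET", "/api/v1/users"),
    (45, "GET", "/api/v1/users"),
    (90, "GET", "/api/v1/users"),
    (130, "GET", "/api/v1/users"),
    (10, "POST", "/api/v1/orders"),      # 5 hits, but spread over 990 seconds
    (200, "POST", "/api/v1/orders"),
    (400, "POST", "/api/v1/orders"),
    (700, "POST", "/api/v1/orders"),
    (1000, "POST", "/api/v1/orders"),
    (512, "DELETE", "/api/v1/admin/users/42"),  # rarely used but important
    (60, "GET", "/api/v1/usres"),               # mistyped path, "garbage"
]


def visible_routes(traffic, requests=5, interval=300):
    """Return routes that reach `requests` hits inside any `interval`-second window.

    Assumed model of the sensitivity setting, not the product's own algorithm.
    """
    if requests < 1 or interval < 0:
        raise ValueError("requests must be >= 1 and interval >= 0")
    hits = defaultdict(list)
    for ts, method, route in traffic:
        hits[(method, route)].append(ts)

    shown = set()
    for key, stamps in hits.items():
        stamps.sort()
        # Sliding window: compare each hit with the one `requests - 1` earlier.
        for i in range(requests - 1, len(stamps)):
            if stamps[i] - stamps[i - requests + 1] <= interval:
                shown.add(key)
                break
    return shown


def compare(traffic):
    """Routes shown at the default 5/300, and routes gained at the minimum 1/0."""
    default = visible_routes(traffic, 5, 300)
    minimum = visible_routes(traffic, 1, 0)
    return default, minimum - default
```

At 5/300 only the busy route survives; at 1/0 the spread-out orders route and the rare admin route appear, together with the mistyped path.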

Why is this necessary?

Setting sensitivity plays an important role in managing your API endpoints. In the first stage, it is important to focus on the most used endpoints to ensure that they work correctly and reliably. This allows you to quickly identify and correct underlying problems. Once the main endpoints have been thoroughly tested and optimized, we can move on to the second stage, where sensitivity can be increased. This will allow you to identify and analyze less actively used endpoints that may contain hidden problems or important features that are rarely used but have significant value.

It is also worth considering that if there are a large number of endpoints, low sensitivity may be useful in the first stage to avoid information overload. Sensitivity can then be gradually increased to cover a wider range of requests and provide end-to-end management of the API specification. This approach helps to find a balance between controllability and completeness of information about the state of endpoints.

Traffic cleaning

The Traffic Cleanup feature is designed to remove unnecessary data from the API structure, keeping it fresh and clean. This is especially useful for routes based on traffic. More information about the traffic cleaning function can be found in the documentation.

During the process, the “Clear Traffic” button becomes available, which allows you to delete the endpoint structure for a specific application. Once completed, the application structure will be rebuilt based on the new traffic.

Where it can be useful

Consider a situation where the route structure is built from traffic passing through a WAF node. If you run dynamic testing as part of the CI/CD process (for example, using “ProAPI Testing”), part of the API structure will be formed from the test traffic, and the final structure of the endpoints will require cleaning. The traffic cleaning feature will help you start with a clean slate by eliminating requests that are not normal for a particular API. The result is an accurate and up-to-date structure that reflects only the necessary and correct endpoints.

For more details about using “ProAPI Testing” as part of the CI/CD process, read our article “History of success. Implementation of the Webmonitorex platform to protect SberAuto applications”.

Creating WAF rules for route parameters

The ability to create WAF rules for API route parameters directly from the ProAPI Structures interface allows you to easily configure rules to protect sensitive data, create virtual patches and perform other actions with API route parameters. More information about creating WAF rules can be found in the documentation.

How to create a rule?

To create a pre-configured rule, you need to select a specific parameter in the route and click on the “Create Rule” button. When you click the button, a context menu with three items opens:

  • Mask sensitive data.

  • Make a virtual patch.

  • Create a rule.

For example, when you select “Make a virtual patch”, the window for creating a rule for a virtual patch opens, where the data for a specific route parameter is pre-filled and the “Make virtual patch” rule is selected.

Improved API management and monitoring

Previously, managing API endpoints was a complex and time-consuming process that required constant attention. With new options for customizing request sensitivity and traffic cleaning functions, working with the API has become much easier and more convenient. Now you can easily control the display of endpoints and keep the API structure up to date.

These innovations make it much easier to manage and monitor your APIs, allowing you to focus on what matters most and maintain high performance and security. We are confident that the new functions of “ProAPI Structures” from Webmonitorex will become indispensable tools in your arsenal.

We invite you to a webinar on June 28 at 12:00, dedicated to preventing API leaks and new features in the ProAPI Structure product.

In this webinar we will cover the following topics:

About preventing API leaks:

  • Basic API Hacking Methods

  • Description of the risks of data leakage via API: a key cybersecurity issue

  • Exploring the Impact of API Hacks

  • Analysis of major API data leak incidents

  • API protection methods using the “API Leak Detection” component of the “ProAPI Structure” product of the Webmonitorex platform

About new functions of the ProAPI Structure product:

  • Setting the sensitivity of route detection on traffic

  • Cleaning the built API structure

  • Creating rules for route parameters

Registration by link

If you have any questions or would like to test our product, please contact us at info@webmonitorx.ru. Also, don't forget to subscribe to our Telegram channel, where we share useful information about API Security and Web Security and publish current announcements of changes in the product.

We will be glad to see you among our subscribers and users!
