Application Program Interfaces (APIs) have taken center stage as modern organizations adopt API-first approaches to application development. With recent studies uncovering that 83% of all web traffic is to API endpoints, their security has become a key focus for organizations worldwide.
API security for advanced threats
Fastly’s API security is built into our Next-Generation Web Application Firewall (NGWAF). Our protection enhances your security posture, unifies visibility and decisioning, and empowers application development for organizations making their applications faster, safer, and more engaging.
Enhance your security posture
APIs need protection no matter where they operate. The NGWAF runs natively in any cloud, data center, or container, with various deployment options at the code, web server, or API layer. Its flexible deployment enables visibility to external APIs based in tools like Kong or NGINX, and internal APIs like those in a service mesh. The NGWAF inspects all requests at runtime to enable automated traffic decisions like blocking, rate-limiting, and layered rulesets to secure applications from OWASP’s Top 10 API Security Risks, payloads targeting specific API protocols, and other API threats highlighted below. The NGWAF is deployable anywhere and protects your APIs everywhere, so you can scale with a single security partner that protects your applications no matter how you grow.
API Security Categories
Unique Identifier Enumeration
Brute forcing sensitive IDs or tokens in APIs that are not searchable
Account Takeover (credential stuffing)
Attackers use known lists of compromised credentials from common
Sensitive API Abuse
Targeting sensitive APIs such as gift card and credit card validation and
Malicious automation and bots are used to perform content scraping, tie up system resources, perform account brute forcing, and other actions.
While organizations want to provide partners with access to APIs to
Malicious or disallowed traffic sources
Bad actors using Tor attempt to access APIs from countries or
User management APIs abused by insiders to grant elevated access or
APIs attempting to be used from an untrusted device that does not contain
OWASP Injection Issues /
APIs using unpatched or outdated third party frameworks / libraries, and
Malicious attack tooling that performs a high velocity of requests leading
Denial of Service
Targeting high system cost APIs such as database queries, search
Unify visibility and decisioning
API security is better in a platform. The NGWAF offers visibility into all API requests and decisioning logic out of the box, reducing the need for multiple solutions to provide comprehensive Layer 7 protection. By combining these two functionalities, the NGWAF offers analytics that can tell complete application security stories. The story can also be easily shared across the NGWAF’s numerous integrations with Security Information and Event Management (SIEM) platforms like Elastic and Datadog to combine its insights into your overarching security narrative. The NGWAF is a security platform that increases data insights and lowers your total cost of ownership, allowing you to make better informed security decisions and reallocate your budget toward new strategic initiatives.
Empower application development
Your security tech stack shouldn’t be a roadblock to API implementation. Using Fastly’s patented SmartParse contextual detection built into the NGWAF, you can easily protect commonly utilized REST and SOAP/XML, as well as recently popularized GraphQL, gRPC, and WebSocket endpoints. This coverage includes GraphQL inspection, which parses the contents of requests to inspect them and ensure malicious payloads aren’t hidden within the call. The NGWAF enables application developers to push releases faster while creating better customer experiences because they can leverage the latest APIs without negative security implications.
Getting Signal Sciences [Fastly] up and running is quick and easy. It was literally a five minute process: with just a few rule changes specific to our authentication flows, we were able to effectively block account takeover attempts in production.
Get more from your API security
As you expose additional API endpoints, their security shouldn’t be a concern. Join leading companies like Chick-fil-A, DoorDash, and Duo, who trust the NGWAF to protect their APIs and more. Contact us to get started.