Akamai API Security Release 3.41

Written by

Stas Neyman

January 16, 2025

Stas Neyman is a Director of Product Marketing at Akamai, overseeing the API Security portfolio.

You can now extend API discovery to your GitHub code repositories.

The recent Akamai API Security update 3.41 introduces support for API discovery in GitHub repositories, security analysis for OpenAPI specification files, and compliance assessment of your security posture findings and runtime incidents against compliance and security frameworks.

Integration with code repositories

Akamai API Security enables you to create an inventory of APIs in your environment by analyzing traffic, assessing cloud infrastructure configurations, and manually uploading API specification (spec) files. With this release, you can now extend API discovery to your GitHub code repositories (Figure 1).

Fig. 1: Adding GitHub repository to Akamai API Security

The new integration with GitHub allows you to automatically scan your repositories for OpenAPI specs and add them to your API library. This ensures that your library includes APIs that have not yet been discovered through traffic analysis.

It also enables you to compare the API specifications defined by developers with the specifications API Security creates based on traffic and identify deviations. As with manually uploaded spec files, you can automatically run spec files from your repositories against predefined style guidelines to enforce consistency and flag programming errors, bugs, and stylistic errors.

To learn more about integrating Akamai API Security with GitHub, please see the documentation.

Security analysis for OpenAPI spec files

Akamai API Security now includes a security analysis for OpenAPI specification files. This capability automatically runs every uploaded or updated OpenAPI spec file through 26 security checks. These tests cover various critical categories, such as data privacy, input validation, authentication issues, and more (Figure 2).

Fig. 2: Security test results for uploaded OpenAPI spec files

Upon completion, each API spec receives a security score based on the percentage of tests passed. Detailed insights are provided for any tests that fail, explaining the nature of the issue and offering actionable recommendations to resolve it.

This feature empowers software architects and developers to design and maintain highly secure APIs, ensuring that potential vulnerabilities are identified and addressed as soon as spec files are added to the API Security solution.

To learn more about security analysis for OpenAPI spec files, please see the documentation.

API compliance analysis

Ensuring that your APIs comply with security standards and vulnerability frameworks is critical for meeting stringent security and privacy standards, protecting sensitive data, and maintaining customer trust.

Akamai API Security can now assess whether your security posture findings violate compliance frameworks such as the Payment Card Industry Data Security Standard (PCI DSS) v4.0, ISO 27001, and the General Data Protection Regulation (GDPR). Additionally, your runtime incidents are mapped to the MITRE ATT&CK vulnerability framework, which can help you understand and defend against specific attack vectors and tactics.

The Posture Findings Overview page now includes Compliance Frameworks and Vulnerability Frameworks columns, which allow you to easily sort and filter API issues based on specific framework violations (Figure 3). 

Fig. 3: Compliance Frameworks and Vulnerability Frameworks columns

Similarly, the Runtime Incident Overview page now indicates when attacks against your APIs correspond to specific vulnerability frameworks. Double-clicking on the framework names in either column provides a quick view of all violations for your API. Additionally, you can click on the API details pane for more information about specific sections or requirement numbers within each framework. This feature simplifies your compliance audit efforts and helps you meet and maintain compliance standards more efficiently.

Learn more

Please review the release notes for additional information about Akamai API Security 3.41.


