Software Security Controls: Application Programming Interface (API) Services

Application Programming Interface (API) Services are ubiquitous and becoming more popular every year. As with any technology, the security of APIs becomes increasingly important as their use spreads. The new whitepaper “Software Security Automation: API Services Security”, written by members of the National Defense Information Sharing and Analysis Center (ND-ISAC), dives into this topic and provides a comprehensive overview of securing API services.

The paper covers areas such as security controls in the Software Development Lifecycle (SDLC), API discovery, categorization, API gateways, compliance and governance, key management, and external API security concerns. In each area, prescriptive advice is given, often with helpful examples and scenarios.

Throughout the paper, both externally and internally developed API services are addressed. This distinction is critical in the mission of security. For example, catching security vulnerabilities in the SDLC is far better than catching them in production or waiting on the vendor. Various decisions depend on this distinction, including the use of an API gateway, policy, and risk management.

The audience for this whitepaper includes security engineers, software engineers, and software architects responsible for the design, implementation, and protection of API Services in the technology infrastructure of any organization, regardless of size or industry.

