The 4 Easy Steps You Can Take to Assess Your API Security Posture

  • Needs Improvement: Action should be taken immediately to improve your API’s security.
  • Potentially vulnerable: Action is needed to improve your API security posture.
  • Sufficient: Your API security may be good enough, given its use and implementation; however, there is still room for improvement and to make it Airtight.
  • Airtight: You have implemented best-in-breed technology to protect your API against threats. No further action is needed.

The 4 Steps to Assessing Your API Security Posture

One: API Inventory

Imagine you’re installing a security system on a building. You don’t have blueprints, so you just put sensors on the doors you can see from where you’re standing. Do you think that would make the building secure? Of course not. The same is true of APIs: you can’t protect endpoints you don’t know exist, so a complete inventory of your APIs and how they are used is the starting point for every other step.

Two: API Gateway Security Policies

The next level of API security is assessing your API gateway and the associated security policies. If you don’t have API gateway security implemented, your API is likely open to the world. This requires immediate action.

Three: Web Application Firewall

The next step in your evaluation is to validate that you’ve got a WAF or hardware appliance in place. Without this, you are vulnerable to the OWASP Top 10 attacks, like SQL injection.

Four: AI/ML API Security Engine Implementation

Even if you’ve implemented all of the security measures discussed above, you’d be surprised at the number of vulnerabilities your APIs are still open to — threats like stolen tokens that look valid or insider threats.


API security is built in layers. The first step to securing your APIs is making sure you have a firm grasp on what you have and how they are used. From there, you can evaluate and build out the security of each layer — the API layer, the WAF layer, and finally, the ML/AI layer. It’s the combination of these elements that gets you to an airtight security posture. Unfortunately, missing one of these layers could leave you open to a breach.
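As an added example (not code from the original post) of what step one looks like in practice, the script below reconciles a known route inventory against API gateway access logs: requests that hit no inventoried route are flagged as shadow endpoints, and inventoried routes that are never hit are reported as unused. The service routes, the log lines and the common-log format are constructed assumptions.

```python
import re
from collections import Counter

# Constructed inventory: the documented routes of a hypothetical service.
INVENTORY = {
    ("GET", "/v1/users/{id}"),
    ("POST", "/v1/orders"),
    ("GET", "/v1/orders/{id}"),
    ("DELETE", "/v1/orders/{id}"),
}

# Constructed gateway access-log lines (common-log style), including undocumented paths.
ACCESS_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /v1/users/42 HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "POST /v1/orders HTTP/1.1" 201 88
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /v1/orders/7 HTTP/1.1" 200 1024
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /v2/admin/export HTTP/1.1" 200 90112
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /v1/users/42 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:06 +0000] "PUT /v1/users/42 HTTP/1.1" 204 0
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

def template_to_regex(template):
    """Turn an inventory route such as /v1/users/{id} into a full-match regex."""
    parts = re.split(r"(\{[^}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "$")

def match_route(method, path, inventory):
    """Return the inventoried route a request hits, or None if it is unknown."""
    for inv_method, template in inventory:
        if inv_method == method and template_to_regex(template).match(path):
            return (inv_method, template)
    return None

def audit(log_text, inventory):
    usage = Counter()   # how often each inventoried route is actually used
    shadow = Counter()  # (method, path) pairs observed but not inventoried
    for m in LOG_RE.finditer(log_text):
        method, path = m.group("method"), m.group("path").split("?")[0]
        route = match_route(method, path, inventory)
        if route is None:
            shadow[(method, path)] += 1
        else:
            usage[route] += 1
    unused = sorted(r for r in inventory if r not in usage)
    return usage, shadow, unused

if __name__ == "__main__":
    usage, shadow, unused = audit(ACCESS_LOG, INVENTORY)
    print("usage:", dict(usage), "\nshadow:", dict(shadow), "\nunused:", unused)
```

In the constructed log, `GET /v2/admin/export` and `PUT /v1/users/42` surface as shadow endpoints, and `DELETE /v1/orders/{id}` shows up as an inventoried route nobody calls; both findings feed directly into the gateway-policy and WAF reviews in the following steps.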

Aaron Lieberman

Aaron’s passion for technology drives him to find innovative ways to help advance organizations through technology.