Invention Publication
- Patent Title: PROTECTING AGAINST API ATTACKS BY CONTINUOUS AUDITING OF SECURITY COMPLIANCE OF API USAGE RELATIONSHIP
-
Application No.: US17526087Application Date: 2021-11-15
-
Publication No.: US20230156016A1Publication Date: 2023-05-18
- Inventor: Lloyd Wellington Mascarenhas , Matthias Seul , Arielle Tovah Orazio
- Applicant: International Business Machines Corporation
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Main IPC: H04L29/06
- IPC: H04L29/06
Abstract:
A computer-implemented method, system and computer program product for protecting against application programming interface (API) attacks. A connection is established between an API user and an API provider. The established connection is then monitored to assess connection security and trustworthiness of the connection as well as trustworthiness of the API user and/or API provider. A score is then generated for each factor used in assessing the connection security and trustworthiness of the connection as well as the trustworthiness of the API user and/or API provider based on the monitoring. A level of risk for an API attack with respect to the API user and/or API provider is then generated based on such scores. An action (e.g., blocking traffic) is then performed with respect to the API user and/or API provider based on the level of risk for an API attack with respect to the API user and/or API provider, respectively.
Public/Granted literature
- US12028351B2 Protecting against API attacks by continuous auditing of security compliance of API usage relationship Public/Granted day:2024-07-02
Information query
