the fact that the API itself often doesn’t even know it is being used by an application or program. It just sits there waiting for a command to perform its function and then returns the results back to the calling program. That makes identifying all of your APIs difficult at best, especially if you are using third-party applications or cloud services where you might not have access to their source code.
The good news is that some excellent tools exist for finding out exactly what APIs are running on your network and which ones need attention from security teams
Back to Main