Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Zenedge Releases API Security Solution with Native SDKs

Zenedge Releases API Security Solution with Native SDKs

Zenedge, a cybersecurity provider of AI-driven Web Application Firewall, malicious bot detection, and bot management services, has recently released an API Security solution with native SDKs for web and mobile.

Zenedge API Security utilizes a combination of the proprietary native SDK and Zenedge’s web application security proxy. Integrating with client mobile and web applications, the SDK generates a unique hash identifier that each API call then sends as a special Zenedge header, which the proxy uses to verify the request’s legitimacy before passing valid traffic to the API. The solution can be used for both authenticated and unauthenticated API requests, and private and public APIs. In order to use the security solution, public API providers would need to integrate Zenedge’s SDKs or code snippets, available for most popular platforms and programming languages, into their own SDKs that they provide to clients.

API security is increasingly a topic of concern as APIs and microservices become commonplace across the software industry. This year OWASP has added "Undersecured APIs" to the OWASP Top Ten 2017 Release Candidate, which is expected to be finalized later this year, and maintains a REST Security Cheat Sheet that describes many key techniques of securing REST APIs. The API security conversation has typically focused on IP rate limiting, server DDoS protection, and established access protocols and federation patterns.

Zenedge API Security joins a growing trend of advancing the API security industry with new solutions such as machine learning, browser detection, and integrated clients and proxies. The company aims to make IP rate limiting obsolete both by preventing the request from ever reaching an API’s server and by preventing known workarounds to rate limiting, such as an attacker sending requests from a large number of compromised IP addresses. The security product is intended to protect against dictionary attacks, Layer 3/4/7 DDoS attacks, automated scraping, malicious usage, and API hijacking.

A young company, Zenedge raised its seed round of $3.5 million in October 2014 and closed its Series C round of $6.2 million in September 2016. The company was named a finalist of the Cyber Security Excellence Award 2017 for Most Innovative Cybersecurity Company (50 or fewer employees).

Rate this Article