API Discovery
Discover all APIs that have access to your information ecosystem.
Accurate API inventory based on code analysis
Accurate data-in-transit metadata based on flow analysis
Frictionless deployment in customer’s environment
The Problem
An application programming interface (API) allows two pieces of software to interact with each other, the same way a user interface (UI) like a keyboard does between humans and computers. While APIs have enormously increased productivity by allowing low-friction information exchange with 3rd party organizations, their proliferation has also multiplied the typical organization’s attack surface. Of particular concern are zombie APIs or APIs that are unknown (“shadow IT”) or have been forgotten. Since these APIs had been granted internal access, they represent a significant risk especially when not secured or unpatched.
The Solution
Riscosity’s solution meticulously scans every line of code it has been granted access to, identifying all APIs where external parties (vendors, customers, credit bureaus, etc.) have access to an organization’s internal network for information exchange. This information is supplemented by metadata of the actual information being exchanged, via Riscosity’s flow analysis. Armed with this insight, the Riscosity customer can then decide whether to remove the API connection or bring it under their security umbrella.
