Giant breaches during 2016, such as the Yahoo! breach and the DDoS attack from the Mirai IoT botnet malware, demonstrate why cybersecurity should be at the top of every developer's list of considerations when working with APIs. Not surprisingly, some API providers stepped up during 2016 with a number of interesting ways to detect threats and thwart attacks. Presented here are some interesting APIs released in 2016 and listed in our Security and Privacy categories. APIs that allow biometrics for identification or crowdsourced threat intelligence are included, along with various other security innovations.
And since we are talking about API security, it's worth a mention that ProgrammableWeb Editor in Chief David Berlind gave testimony to the White House in January of this year regarding security in the API Economy. His full written testimony is available in the API University series entitled, "Understanding The Realities of API Security".
Now, on to the APIs:
Gophish is an open source framework, available for download, that is used for phishing simulation training. The Gophish API integrates simulated phishing campaign features into applications. Developers can set templates and targets, launch a campaign, and measure results.
Moocher.io is a Look-up-as-a-Service for developers who want to know if their users have been classified as 'abusers'. The Moocher.io API identifies and filters out 'abusers' from IP, domains, emails, passwords, credit card BIN/IIN and other information gathered by users and communities.
Email Verifier connects with email domains to verify the status of email addresses and removes addresses containing invalid domains. The Email Verifier API can remove duplicate email addresses, clean records that match spam-trap indicators, remove email addresses containing invalid syntax, and more.
The LeakedSource API is a data filtering tool for detecting user profiles that may have been hacked and posted to leaked databases. It is a security solution for protecting the individual profiles and transactional data of customers that have subscribed to a company's online services. LeakedSource currently restricts the API’s access to large corporate organizations.
Deepviz is designed to help users analyze, correlate, and understand key information about malware. The Deepviz API allows developers to interact with the Deepviz sandbox to submit malware samples and retrieve analysis reports on them.
Deepviz has a database of over 8.5 million file samples in their Malware Analyzer. Image credit: Deepviz
Passable API is a free, lightweight, RESTful Web service that developers can easily implement to prevent password hacking and breaches. Developers send the hash of the password and its algorithm, and receive a response of 0 (insecure password) or 1 (secure password).
GrantedBy.Me allows developers to replace password security with fingerprint scanning, face recognition, and gestures. The GrantedBy.Me API features AES-256 encryption signed with HMAC SHA-256, enforced SSL/TLS communication, and RSA public-key encryption.
ThisData helps companies secure data and provides encrypted backups. Their Login Intelligence API offers unusual account access detection by using patterns of normal behavior and specialized algorithms. This gives customers an extra layer of security that notifies them when an account is accessed from a device that they don't normally use.
TrueVault is a HIPAA-compliant, secure database for the healthcare industry. The TrueVault Users API allows developers to create new users, following HIPAA privacy standards for patients' personal information.
Reposify finds devices' relationships with people and other devices, and detects what technologies exist on each device, such as an accessible database, Web server, or specific operating system. The Reposify API allows developers to gain insights about devices connected to the public Internet worldwide.
Programmatically discover devices and insights about them via the Reposify API. Image credit: Reposify
CrowdStrike is a network security firm. The company recently launched the CrowdStrike Falcon Platform, which includes several APIs for threat intelligence, including the CrowdStrike Falcon Intelligence API, which provides real-time information about new adversary groups, indicators, and news.
Among the tools to help developers tackle identity management for users and permissions are several new APIs, including the Amazon Cognito Identity API, Heap Analytics Custom Identify API, Miracl API, Identity.com API and Intelinyze API.
Introduction to Amazon Cognito video: YouTube/Amazon Web Services