API Security Through External Attack Surface Management
It is hard to protect what you cannot see. Organizations are often unaware of all their assets, including APIs. They prepare to have their Internet-exposed applications assessed during pentests, but have to go through the drill of taking inventory of all the applications. The same task applies to all external assets: companies do not always know what they have exposed, and this makes assessing and securing them difficult. Phillip Wylie discusses how to integrate APIs into External Attack Surface Management (EASM) to improve the security posture of external-facing APIs.