Security posture
  • 16 Nov 2022

The Security Posture Dashboard provides a high-level view of high-risk APIs and a categorization of exposed sensitive data. It also summarizes the unauthenticated API Endpoints that have data in them and the conformance analysis for the selected environment. For more information on the Spec Conformance section, see Conformance Analysis.

Screenshot: Security Posture Dashboard

Note
The Security Posture Dashboard is available for a specific environment and not for All Environment.

Top 10 Risky APIs

This section lists the top 10 risky APIs for that environment. The list is updated based on continuous monitoring of API traffic, and the APIs are ordered by risk score. For more information on risk score, see Risk scoring. The section also displays the calls/min for each API, averaged over the time duration you have selected. For example, in the above screenshot, the calls/min for an API are for the last 3 days. To view more details about an API, click on it.

Sensitive Data

The Sensitive Data section displays a pie chart showing the distribution of the sensitive data types identified by Traceable across all the API Endpoints in the chosen environment. Clicking on View navigates to the detailed Sensitive Data page. For more information, see Sensitive Data.

Data in unauthenticated APIs

The Data in API Endpoints without auth section displays a list of unauthenticated APIs, identified by Traceable, that are carrying data. The list shows each datatype and the number of API Endpoints that are carrying that datatype. You can click on a datatype to view the API Endpoints identified by Traceable. The list is continuously updated based on new information gathered by Traceable. You can access the same information from the Sensitive Data section by setting the Authenticated filter to false.

Screenshot: Unauthenticated API Endpoints with data

You can also create a JIRA ticket for an API Endpoint by clicking the Create JIRA button.

Spec Conformance

The Spec Conformance section displays the results of automated conformance analysis jobs that run every 12 hours. The section displays a summary of the conformance analysis job with the number of Shadow and Orphan API Endpoints identified. The Spec Conformance section also displays shadow Endpoints that have sensitive data. Such shadow Endpoints could be a security threat to your API ecosystem. For more information on Spec Conformance, see Conformance Analysis.
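
To make the two summaries above concrete (datatype counts for unauthenticated Endpoints, and Shadow/Orphan Endpoints), here is an added example that is not Traceable's code or API. It assumes the usual meaning of the terms, which this page does not define: a shadow Endpoint is seen in traffic but absent from the spec, and an orphan Endpoint is in the spec but never seen in traffic. All names and sample data are constructed.

```python
import re
from collections import defaultdict

# Constructed sample data (assumption): documented endpoints and observed traffic.
SPEC = {("GET", "/users/{id}"), ("POST", "/orders"), ("GET", "/legacy/report")}
OBSERVED = [  # (method, path, authenticated, sensitive datatypes seen)
    ("GET", "/users/42", True, {"email"}),
    ("POST", "/orders", True, set()),
    ("GET", "/debug/export", False, {"email", "ssn"}),
    ("GET", "/debug/export", False, {"email"}),
    ("GET", "/health", False, set()),
]

def _template_regex(path):
    # "/users/{id}" matches "/users/42" but not "/users/42/extra".
    parts = re.split(r"\{[^/{}]+\}", path)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")

def conformance(spec, observed):
    """Compare observed traffic against the spec (assumed definitions, see lead-in)."""
    matchers = {(m, p): _template_regex(p) for m, p in spec}
    seen, shadow = set(), defaultdict(set)
    for method, path, _authed, datatypes in observed:
        hit = next((k for k, rx in matchers.items()
                    if k[0] == method and rx.match(path)), None)
        if hit:
            seen.add(hit)
        else:
            shadow[(method, path)] |= set(datatypes)  # merge repeated sightings
    return {
        "shadow": sorted(shadow),
        "orphan": sorted(set(spec) - seen),
        "shadow_with_sensitive_data": sorted(k for k, v in shadow.items() if v),
    }

def unauth_data_counts(observed):
    """Datatype -> number of distinct unauthenticated endpoints carrying it."""
    endpoints = defaultdict(set)
    for method, path, authed, datatypes in observed:
        if not authed:
            for dt in datatypes:
                endpoints[dt].add((method, path))
    return {dt: len(eps) for dt, eps in sorted(endpoints.items())}

if __name__ == "__main__":
    print(conformance(SPEC, OBSERVED))
    print(unauth_data_counts(OBSERVED))
```
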

