- 16 Nov 2022
- 3 Minutes to read
- Updated on 16 Nov 2022
The Security Posture Dashboard gives you a high-level view of high-risk APIs and a categorization of exposed sensitive data. It also summarizes the unauthenticated API Endpoints that have data in them, and includes a conformance analysis summary for the selected environment. For more information on the Spec Conformance section, see Conformance Analysis.
Top 10 Risky APIs
This section lists the top 10 risky APIs for that environment. The list is updated based on continuous monitoring of API traffic, and the APIs are listed by risk score. For more information on risk score, see Risk scoring. The section also displays the calls/min for each API, averaged over the time duration you have selected. For example, in the above screenshot, the calls/min for an API are for the last 3 days. To view more details about an API, click on the API.
The sensitive data section displays a pie chart showing the distribution of the sensitive data identified by Traceable across all the API Endpoints in the chosen environment. Clicking View navigates to the detailed Sensitive data page. For more information, see Sensitive Data.
Data in unauthenticated APIs
The Data in API Endpoints without auth section displays a list of unauthenticated APIs, identified by Traceable, that are carrying data. The list shows each datatype and the number of API Endpoints that are carrying that datatype. You can click on a datatype to view the API Endpoints identified by Traceable. The list is continuously updated based on new information gathered by Traceable. You can access the same information from the Sensitive Data section by setting the Authenticated filter to false.
You can also create a JIRA ticket for an API Endpoint by clicking the Create JIRA button.
The Spec Conformance section displays the results of automated conformance analysis jobs that run every 12 hours. The section displays a summary of the conformance analysis job with the number of Shadow and Orphan API Endpoints identified. The Spec Conformance section also displays shadow Endpoints that have sensitive data. Such shadow Endpoints could be a security threat to your API ecosystem. For more information on Spec Conformance, see Conformance Analysis.