ShieldSquare is now Radware Bot Manager

API Security Landscape: Protecting APIs from Automated Attacks and Abuse

December 15, 2020 | General Automated Threats Bot Prevention Technologies

How Secure Are Your APIs Against Bot Attacks

APIs are emerging as a bridge to facilitate interoperability between different systems, networks, and applications. They also help drive a growing variety of devices and systems on the Internet of Things (IoT) to enable innovative functions that consumers, enterprises and governments demand and expect. 

Most IT ecosystems and architectures, from websites to mobile applications that rely on databases queried for user authentication, inventory checks, location services, payment card verification and so on, are dependent on APIs. The growing use of micro-service and cloud architectures, and the increasing reliance on specialized third-party services, including the providers that use Open APIs to initiate calls between applications, are making APIs more crucial than ever in facilitating convenient and seamless access to IT-enabled services.

Despite their rapid and widespread deployment, however, APIs remain poorly protected, which makes them vulnerable to attacks like enumeration, decompiling, insecure pagination or even accidental API key exposure that put business-critical data and services at risk, including Personally Identifiable Information, payment card data, and other confidential information.  

According to Radware Bot Manager research, in 2019, bad bot hits on APIs steadily increased in each quarter: 

[Figure: Bad Bot Hits on API]

Sophisticated bots take advantage of API vulnerabilities such as authentication flaws, lack of robust encryption, and poor endpoint security to perform malicious attacks like account takeover, application DDoS, carding, and various forms of API abuse. Most API gateways and WAFs fail to detect sophisticated human-like bots, leaving the APIs behind them vulnerable to bot attacks by fraudsters, competitors and intelligence-gathering agencies.

Symptoms of a Bot Attack on APIs

  • Single HTTP request
  • An increase in the rate of errors
  • Extremely high application usage from a single IP address or API token
  • A high ratio of GET/POST to HEAD requests for a user, session, IP address or API token compared to legitimate users
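
The symptoms listed above can be checked per IP address or API token from API access logs. The following is an added example, not Radware's code or part of the original post; the log format, token names and thresholds are constructed assumptions, and "single HTTP request" is interpreted here as a client seen for exactly one request.

```python
from collections import Counter, defaultdict
from statistics import median

# Assumed thresholds; tune them against your own baseline traffic.
ERROR_RATE = 0.5      # share of 4xx/5xx responses per client
VOLUME_FACTOR = 5     # multiple of the median request count per client
RATIO_FACTOR = 5      # multiple of the median (GET+POST)/HEAD ratio

def make_sample_log():
    """Constructed log lines in an assumed format: '<ip-or-token> <method> <status>'."""
    lines = []
    for user in ("tok-a", "tok-b", "tok-c"):            # ordinary clients
        lines += [f"{user} HEAD 200"] * 2 + [f"{user} GET 200"] * 6
    lines += ["tok-d GET 200"]                          # one request, never seen again
    lines += ["tok-bot POST 401"] * 45 + ["tok-bot POST 200"] * 5
    return lines

def flag_clients(lines):
    """Return {client: list of symptom names} for every client showing a symptom."""
    methods = defaultdict(Counter)
    errors = Counter()
    for line in lines:
        client, method, status = line.split()
        methods[client][method] += 1
        errors[client] += int(status) >= 400
    totals = {c: sum(m.values()) for c, m in methods.items()}
    # HEAD count is floored at 1 so clients that never send HEAD still get a ratio.
    ratios = {c: (m["GET"] + m["POST"]) / max(m["HEAD"], 1) for c, m in methods.items()}
    med_total, med_ratio = median(totals.values()), median(ratios.values())
    flagged = {}
    for client, total in totals.items():
        hits = []
        if total == 1:
            hits.append("single_request")
        if errors[client] / total >= ERROR_RATE:
            hits.append("error_rate")
        if total > VOLUME_FACTOR * med_total:
            hits.append("high_volume")
        if ratios[client] > RATIO_FACTOR * med_ratio:
            hits.append("get_post_to_head_ratio")
        if hits:
            flagged[client] = hits
    return flagged

if __name__ == "__main__":
    for client, hits in flag_clients(make_sample_log()).items():
        print(client, hits)
```

Comparing each client against the population median, rather than a fixed count, keeps the check meaningful as overall traffic grows.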

How can Radware protect your APIs from bad bot attacks? 

Radware Bot Manager defends Web, mobile applications, and APIs against automated attacks. It ensures that only legitimate users and devices can access your Internet properties by leveraging proprietary Intent-based Deep Behavior Analysis (IDBA) and machine learning technologies to understand the intent behind every visitor, and to block malicious automated activities. 

For APIs, Radware Bot Manager provides dedicated enterprise-grade protection from automated threats by: 

  • Addressing gaps in unique source identification in M2M communications through our API-Client SDK  
  • Preventing out-of-context API invocation (for Web and mobile APIs)
  • Establishing authentication flows to validate legitimate access to assets
  • Detecting anomalous navigation flows or access patterns 

To know more about how Radware Bot Manager protects your APIs, networks and applications from bot attacks, contact us at or download our whitepaper here.
