The prevalence of microservices in application architectures has many benefits, but it also has some unintended consequences, including API sprawl. And that sprawl is more than just an inconvenience: it has very real security implications, not just for the application itself but at every step in the software supply chain.
As an example, consider the rise of virtual data centers ushered in by the wave of virtualization. So many virtual machine images were created and then abandoned without being decommissioned that organizations were faced with high capex costs and unused storage space. In a similar way, developers create new APIs without deprecating older versions, or keep both versions running to avoid breaking changes. The good news is that API sprawl can be controlled with the correct use of security and assurance controls, including application threat modeling.
In this session, Lloyd Newton from SGN will explore the issue of API sprawl and the risks and vulnerabilities it introduces. Then, Mr. Newton will discuss how to tackle these issues from a security governance and audit perspective and recommend best practices.