Harness Introduces Traceable WAAP for Securing Web Applications and APIs with Traceability
Today, Harness launched a new cloud-based platform for web application and API security, known as the Web Application and API Protection (WAAP) solution. This innovative platform aims to simplify the process for Security Operations (SecOps) teams to safeguard application environments. Leveraging the Traceable API security platform, which Harness acquired earlier this year, the Traceable WAAP platform offers not only bot mitigation capabilities but also features to counter distributed denial of service (DDoS) attacks.
Sudhir Patamsetti, Harness’s Senior Director of Product Management for Cybersecurity, emphasized that the Traceable WAAP significantly streamlines the handling of cybersecurity aspects post-deployment of applications and their corresponding APIs.
This is especially crucial now as many cybersecurity teams are transitioning towards a unified approach to securing both web applications and APIs. Traditionally, safeguarding web applications and APIs has presented a dual challenge. The first challenge lies in the fact that web applications are predominantly developed by application developers who may lack proficiency in cybersecurity. Consequently, there is often an abundance of easily exploitable internet-facing vulnerabilities.
The second challenge arises from the susceptibility of the deployed APIs for similar reasons. In recent years, cybercriminals have honed their skills in utilizing these APIs for data exfiltration. Complicating matters further are clandestine APIs that developers expose without the knowledge of the cybersecurity team. Moreover, dormant APIs, known as zombie APIs, linger accessible due to neglect in removal. APIs play a significant role in facilitating access to AI services, thus attracting cybercriminal syndicates.
Harness is introducing an integrated platform to tackle these challenges, enabling API discovery through traffic monitoring, encrypted flows, and code repositories. Risk scores are then assigned to detect anomalies while also applying digital fingerprints to identified attack vectors.
Additionally, the Traceable WAAP is designed to seamlessly integrate into the Continuous Integration/Continuous Delivery (CI/CD) pipeline employed for the development and deployment of web applications and APIs. Whether integrated with API gateways, load balancers, or directly within application code using lightweight agents provided by Harness, this solution brings robust security measures.
Furthermore, IT teams can securely direct traffic to a Content Delivery Network (CDN) offered by Harness. Collectively, these capabilities facilitate better collaboration between cybersecurity teams and application/API development and deployment teams. Patamsetti highlighted the increasing importance of focusing on application security, considering the evolving tactics of cybercriminals targeting software weaknesses. Successful attacks on applications can lead to compromising the underlying IT infrastructure.
As organizations look to enhance their application security posture, the hope is to reduce the frequency of breaches requiring cybersecurity responses. However, one persistent challenge remains in accurately gauging the extent of the attack surface that necessitates protection.
