Akana, an API Management and Cloud Integration leader that helps businesses accelerate their digital transformation by securely extending their reach across multiple channels, announced today that its Community Manager, API Gateway, and Lifecycle Manager products are certified to secure customers’ APIs and Web Applications against the OWASP Top Ten Vulnerabilities.

The OWASP Top Ten is a powerful awareness document for web application security. It is published and maintained by the Open Web Application Security Project. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. The vulnerabilities identified on the most recent top ten list are:

  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards

“Our customers have to be able to protect their APIs and Web Applications from the critical security vulnerabilities identified in the OWASP Top Ten,” said Alistair Farquharson, chief technology officer at Akana. “The procedures, tools, and technology we have put in place to eliminate risks at all stages of our SDLC make us the obvious choice for any customer needing a secure, reliable, API Management solution.”

Akana certifies its products to secure APIs and Web Applications against these vulnerabilities both through regular penetration testing and through an integrated source code scanning system. Akana conforms to stringent security processes, making its cloud offering and products some of the most secure in the industry. Akana’s development and security processes include:

  • Integrated static code analysis as part of the SDLC
  • Dynamic, automated penetration testing as part of the SDLC
  • Regular third-party dynamic penetration testing
  • Security best-practices training for developers

These processes help ensure that APIs and applications protected using Akana’s solutions are:

  • PCI Compliant
  • HIPAA Compliant
  • FIPS 140-2 ‘compliant’ when leveraging an HSM
