Modern applications need API protection
Holistic endpoint visibility
Organizations manage a minimum of 300 APIs on average. Imperva’s API Security amplifies your security posture by automatically generating a Positive Security Model for every uploaded API Swagger file.
Automated security validation
APIs are being churned out faster than Security teams can review, influence, and sign off on before they’re pushed into production. Imperva’s API Security enables your teams to stay ahead of DevOps via automation.
Continuous API Endpoint Protection
Imperva API Security empowers your approach with out-of-the-box security rules adjusted to your APIs.
This ensures complete OWASP API coverage and promotes visibility for all security events per API endpoint.
Covering all OWASP API Top 10
- Injection
- Mass Assignment
- Broken Authentication
- Security Misconfiguration
- Excessive Data Exposure
- Broken Object-level
Authorization - Improper Asset Management
- Lack of Resource Rate
Limiting - Broken Function Level
Authorization - Insufficient Logging &
Monitoring
Positive security model
With API Security, simply upload the OpenAPI specification file that your DevOps team has created and Imperva will automatically build a positive security model. This will ensure only the traffic you want accesses your API, and all of your API endpoints are protected as soon as they’re published.

Stopping more than just API attacks
Going beyond the OWASP API Top 10, Imperva protects your APIs from the latest in automated attacks, such as:
-
Advanced Bot Protection
Manage bot traffic and protect against bad bots attacks
-
DDoS Protection
Defend from application and layer DDoS threats, backed by 3-sec mitigation SLA
-
Cloud WAF
Prevent technical app attacks and vulnerability exploits
-
Account Takeover
Stop credential stuffing
“The increased confidence we have in reducing our appetite for risk has been well received across our development teams with the introduction of API Security”
Christophe Spoden Security Architect

