FireTail presented at the BlackHat Europe open source Arsenal in December 2022, showcasing our open source code library for real-time, inline API security checking.
Specifically, we showcased our API security library as open source for the first time at a European event.
FireTail sits on top of popular open source frameworks for building web services and APIs, like OpenAPI/Swagger, Express and Rails, and then provides in-line security processing of the API calls. FireTail checks for (in sequential order):
1. API call is hitting a valid route using a valid method. This allows for a zero-trust, declarative API structure, with proper error handling at the HTTP layer.
2. Inspection of authentication token. Does the API expect a JWT, application-issued API key or other? FireTail will check whether a valid token of the correct type is present.
3. Payload inspection. FireTail will look for and fail invalid API queries.
One consistent challenge that security teams have expressed is the lack of standardization or centralization of API logs. FireTail has now created a standardized log format, common to all 3 currently available code languages. FireTail also offers the ability to send these logs to a central location, either locally, on a private network, or to a cloud service.
Past companies and tools exhibited at the BlackHat Arsenal include open source tools that have become part of the everyday conversation for security practitioners.
See the details on FireTail's session at Blackhat Arsenal here.
Visit FireTail for more information. We'll also be sharing the recording of the Arsenal demo with you very soon!
RSA is all about building bridges and connections.
Join FireTail virtually at API Secure 2023! Jeremy Snyder will share learnings from a decade of API data breaches, and discuss why FireTail takes a unique approach to API security