IT Security Services

GSS Infotech team was very quick and efficient in modifying the documents and finishing the deliverables. The first drafts of the Functional Spec were created in good time by the team.
Project Manager

A Leading Manufacturing Company


API Security

We ensure that your API, its supporting backend infrastructure and its authentication are secure.
  1. API Run through & Information Gathering

    We understand your API through multiple rounds of interactions in the pre-engagement process and then we identify your core competencies. We perform quick code analysis and understand your documentation for both the regular user and the admin user. We understand “Valid request data” through known-good param values and order of function calls.

  2. MAP the API & Threat Modeling

    We fully map the API, listing all methods and functionality at the start of an assessment. We model security threats before initiating any security assessments. We analyze ASMX/Helpdocs etc. to ensure we map your API correctly.

  3. Static Analysis

    GSS Infotech's white hat hackers will perform source code analysis on your app to find exceptions. We perform extensive source code analysis (based on CERT secure coding standards) to identify sensitive information like hard-coded keys and code blocks that are vulnerable to exploitation.

  4. Dynamic Analysis

    Vulnerability Analysis – We follow the REST OWASP cheat sheet in the OWASP API Security Project. As a part of exploitation, our white hats will try to exploit the vulnerabilities identified during the static and dynamic analysis phases and see the extent of losses that are possible through the identified bugs. We provide the required steps to reproduce the bug.

  5. Business Logic Flaw testing

    Most critical security loopholes arise due to business logic flaws. Business logic flaws in tandem with standard security threats can cause major losses to organizations. We run comprehensive tests on the important business logic that could adversely affect your security.

  6. Reporting

    We provide a comprehensive API security assessment report that’s understandable by your dev team. We work with your team to fix the identified loopholes.