New Track and New Technology｜Xinglan Technology was invited to participate in the "2022 API Security Innovation Salon Beijing"

On the morning of April 15, the "2022 API Security Innovation Salon Beijing" organized by Shushi Consulting was successfully held at the Cybersecurity Bistro. The salon invited representatives from API security industry companies to exchange ideas and share opinions on hot topics such as API security technology development trends, industry insights, and implementation applications. As a new force in network security and an outstanding company representative in the API security track, Xinglan Technology was invited to participate and give a keynote speech.

At the conference, Li Shaopeng, founder of Shushi Consulting, said in his opening remarks that with the vigorous development of cloud computing, mobile Internet, and the Internet of Things, more and more application development is deeply dependent on the mutual calls between APIs, and API security has received widespread attention. At the same time, APIs are also becoming the main target of attackers. International and domestic API attacks are not uncommon, and many companies are facing new security challenges. Therefore, it is of great significance to continuously optimize and upgrade security technologies and help companies explore security systems that adapt to new needs.

At the meeting, Digital World Consulting released the "API Security Research Report". The report aims to effectively guide users to solve API security problems in the process of enterprise development, realize the third-party reference value of Digital World Consulting, and help enterprise users stand at the forefront of the digital wave. The report explains the importance of API as the infrastructure of the digital age from the two aspects of API's technical application capabilities and business shaping capabilities, and describes the API security concept from the risks it faces, its own complexity and actual application. Finally, it briefly introduces the best practices at home and abroad and the API security reference framework. Xinglan Technology appears in the report as one of the best practices in China, indicating that industry professionals recognize Xinglan's work in API security.

Xinglan Technology CTO Xu Yue shared "Enterprise API Security Protection System Construction" at the salon. He mentioned that in the era of the Internet of Everything and the digital transformation of various industries, a large number of enterprise capabilities are integrated with third-party vendors in the form of SaaS API services, such as financial OpenBanking, digital government platforms, large-scale distributed Internet applications, smart cities, and the Internet of Things. Enterprise data is transmitted through APIs, and the number of APIs continues to grow, causing API security issues to become a focus. On the one hand, as APIs gradually become the "main road" for carrying data flow, their weaknesses are gradually being noticed by network attackers. On the other hand, with the formal implementation of the "Data Security Law" and the "Personal Privacy Protection Law", the digital transformation process of enterprises also faces data transmission security supervision requirements. Enterprises can deal with API security risks starting from the API life cycle, implanting security protection capabilities in different stages of API design-development-testing-operation-offline, and at the same time, technical solutions should take into account business needs and cloud-based IT infrastructure.

Zhang Xiaobing, senior security expert at Qi'anxin and the head of Rui Security, said in "Seeing the World from the Framework - Seeing the Security Past and Peeping into the Security Future": What the world looks like depends on the framework we use to view the world. He talked about what security looks like under different frameworks from different perspectives, such as technology, compliance, and architecture. When we regard security as an interface, that is API security. Although everyone's understanding of API security is similar and overlapping, it must be different. For example, the "API Data Security Research Report" of the China Academy of Information and Communications Technology believes that API security is part of data security. It undertakes the heavy responsibility of data interaction and transmission between different complex system environments and organizations; in Qi'anxin's "Orange Book on API Security Capability Building", it is believed that API is a cloud-native technology, a tool for centralized resource connection, and a core capability of digital transformation. When talking about his views on API, he believes that API is a new security logic. The logic of the security industry has gone through four stages, from the initial focus on single security issues, to solving comprehensive threats oriented to the environment and IT architecture, to solving business risks through tight coupling with the business, and finally developing into connection-oriented, that is, using loosely coupled and scalable methods based on abstract architecture to solve more comprehensive threats; and API is one of the connection-oriented methods.

In the roundtable discussion of the three-person network security team, Li Shaopeng, founder of Shushi Consulting, Zhang Xiaobing, senior security expert of Qi'anxin and manager of Rui Security, and Wang Yu, CEO of Xinglan Technology, discussed the topic of "How to ensure API security". They had in-depth discussions and exchanges on multiple issues, including "What is API security, how important is API security, what industry scenarios exist in China, the most urgent demand for API security, and where should enterprises start with API security construction".

Speaking of API security, Wang Yu said that currently APIs carry more and more complex application logic and more and more sensitive data, and many new communication scenarios have been born on the basis of APIs. As a double-edged sword, while APIs provide convenience for enterprises, they have also become a key target for attackers. Xinglan Technology provides API security protection capabilities for application scenarios such as digital finance, open banking, and cloud computing through dimensions such as API asset intelligent identification, API threat and behavior monitoring, and API data flow monitoring. It also provides open and flexible scenario configuration capabilities, and is committed to helping enterprises establish API full life cycle protection.

Zhang Xiaobing mentioned that API can solve high-value and high-interaction problems, and driven by new technologies, the market will have a broader prospect. In addition, he also said that excellent API security products need to focus on dynamic asset sorting in the early stage, and help customers sort out API assets in real time to achieve more comprehensive protection and reduce a series of security issues caused by unclear assets, so as to carry out the later API full life cycle security construction.

Only with faith in your heart can you go far. Xinglan Technology has never stopped exploring API security. In the future, Xinglan Technology will further invest in the formulation of relevant standards for API security, stand at the forefront of the development of the API security industry, and continuously output mature and excellent products and high-quality solutions to provide security for APIs in all walks of life, create more possibilities for the development of the network security industry, and contribute to the expansion and strengthening of the API security market.