[Figure: ASE blocking attackers through decoy APIs]

The following is a snippet of the JSON definition of a trading API that has been deployed as a decoy API (the decoy settings live under decoy_config in the api_metadata block):

{
    "api_metadata": {
        "protocol": "http",
        "url": "/account",
        "hostname": "*",
;
; Note – other configuration parameters removed
;
        "decoy_config": {
            "decoy_enabled": true,
            "response_code": 200,
            "response_def": "OK",
            "response_message": "OK",
            "decoy_subpaths": [
            ]
        }
    }
}

Since the decoy_subpaths list is empty, every sub-path an attacker requests under /account (for example /account/balance or /account/transfer) is treated as a decoy path, so the whole API behaves as a decoy API and answers with the configured response (here HTTP 200 with the body "OK") instead of reaching a real backend. If decoy_subpaths were populated, only the listed sub-paths would be decoys and all other requests to the API would be forwarded normally.
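To make the two decoy modes concrete, the following is an added example (not code from ASE or from the Ping Identity documentation) that re-implements the decoy_subpaths semantics described above as a small request classifier. It takes API definitions in the same JSON shape as the snippet, treats an empty decoy_subpaths list as "every sub-path of the API URL is a decoy" and a non-empty list as "only these sub-paths are decoys", and then replays a few constructed requests to show which client addresses would be flagged after touching a decoy. The shop API with the sub-paths /shop/admin and /shop/debug, the host name api.example.com, the client IP addresses and the block-on-first-hit policy are all assumptions made for the example, not values from the page.

```python
import json
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

# Constructed config mirroring the page's trading snippet (out-of-context decoy:
# empty decoy_subpaths, so every sub-path of /account is a decoy).
TRADING_API = json.loads("""
{"api_metadata": {"protocol": "http", "url": "/account", "hostname": "*",
  "decoy_config": {"decoy_enabled": true, "response_code": 200,
                   "response_def": "OK", "response_message": "OK",
                   "decoy_subpaths": []}}}
""")

# Hypothetical in-context decoy (assumption, not from the page): /shop is a real
# API, but two sub-paths that are not in the published API are decoys.
SHOP_API = json.loads("""
{"api_metadata": {"protocol": "https", "url": "/shop", "hostname": "*",
  "decoy_config": {"decoy_enabled": true, "response_code": 200,
                   "response_def": "OK", "response_message": "OK",
                   "decoy_subpaths": ["/shop/admin", "/shop/debug"]}}}
""")


@dataclass
class Verdict:
    api_url: str                       # url of the API definition that matched
    is_decoy: bool                     # True -> answer with the canned response
    response_code: Optional[int] = None
    response_message: Optional[str] = None


def _under(path: str, base: str) -> bool:
    """True if path equals base or is a sub-path of base (segment-aware, so
    /accounts is NOT under /account)."""
    base = base.rstrip("/")
    return path == base or path.startswith(base + "/")


def classify(host: str, request_path: str, apis) -> Optional[Verdict]:
    """Match a request against the API definitions in order and decide whether
    it hits a decoy. Returns None when no API url prefix matches at all."""
    path = request_path.split("?", 1)[0]          # ignore the query string
    for api in apis:
        meta = api["api_metadata"]
        if not fnmatch(host, meta["hostname"]):   # "*" matches any host
            continue
        if not _under(path, meta["url"]):
            continue
        dc = meta.get("decoy_config", {})
        if not dc.get("decoy_enabled", False):
            return Verdict(meta["url"], False)
        subpaths = dc.get("decoy_subpaths", [])
        # Empty list: the whole API (every sub-path) is a decoy.
        # Non-empty list: only the listed sub-paths are decoys; the rest of the
        # API is real traffic and would be forwarded to the backend.
        if not subpaths or any(_under(path, sp) for sp in subpaths):
            return Verdict(meta["url"], True,
                           dc["response_code"], dc["response_message"])
        return Verdict(meta["url"], False)
    return None


def replay(requests, apis):
    """Feed (client_ip, host, path) tuples through classify(). A client is added
    to the block set as soon as it touches one decoy, since a legitimate client
    has no reason to call a path that is not in the published API. Returns the
    block set and a log of decoy hits / blocked requests."""
    blocked, log = set(), []
    for ip, host, path in requests:
        if ip in blocked:
            log.append((ip, path, "blocked"))
            continue
        verdict = classify(host, path, apis)
        if verdict is not None and verdict.is_decoy:
            blocked.add(ip)
            log.append((ip, path, f"decoy {verdict.response_code} "
                                  f"{verdict.response_message}"))
    return blocked, log


# Constructed traffic: one legitimate shopper, two probing clients.
REQUESTS = [
    ("10.0.0.5",     "api.example.com", "/shop/cart"),          # real API path
    ("10.0.0.5",     "api.example.com", "/shop/checkout?step=2"),
    ("203.0.113.9",  "api.example.com", "/account/login"),      # out-of-context decoy
    ("203.0.113.9",  "api.example.com", "/shop/cart"),          # already blocked
    ("198.51.100.7", "api.example.com", "/shop/admin/users"),   # in-context decoy
]

if __name__ == "__main__":
    blocked_ips, hit_log = replay(REQUESTS, [TRADING_API, SHOP_API])
    for entry in hit_log:
        print(entry)
    print("blocked:", sorted(blocked_ips))
```

The segment-aware prefix test in _under matters: a naive startswith("/account") would also swallow a real /accounts API, and in the in-context case it would turn a real path such as /shop/administration into a decoy hit against a legitimate client.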

After configuring in-context or out-of-context decoy APIs, you can verify that each API loaded with the expected decoy mode by running the list_api command (the -p option prompts for the admin password):

/opt/pingidentity/ase/bin/cli.sh list_api -u admin -p
flight ( loaded ), https
shop ( loaded ), https, decoy: in-context
trading ( loaded ), https, decoy: out-context