Volume 13, Number 03, February 2023

Rapid Penetration Test for Securing Channel APIs in Hybrid Cloud (Dynamic Defense of Channel API)

  Authors

Luiza Nacshon¹ and Anna Sandler², ¹Senior Security Engineer, Red Hat, Israel, ²Software Engineer, Red Hat, Washington D.C

  Abstract

The goal of this research is to explore the security aspects of the hybrid Cloud Channel API world in greater depth and develop a rapid penetration testing tool that will help security researchers test Cloud Channel API security more effectively. The research proposes an innovative proxy-based solution for a rapid reactive test implementing a dynamic defence for channel API in the hybrid cloud. The proxy-based solution executes security testing rules against the channel API requests and validates weaknesses or vulnerabilities as a dynamic defence. Malicious or vulnerable requests may be denied/dropped/alerted, the results and decisions will be reflected in the APImanagement dashboard. In the scope of the paper we focus on known API attacks and in the future work we are going to have a machine learning algorithm for unknown and new channel API attacks.

  Keywords

openshift, channel api, security, hybrid cloud, penetration test.