PLOT4ai - Security - Are our APIs securely implemented

Are our APIs securely implemented?

This page is a fallback for search engines and cases when javascript fails or is disabled.
Please view this card in the library, where you can also find the rest of the plot4ai cards.

Are our APIs securely implemented?

APIs connect computers or pieces of software to each other. APIs are common attack targets in security and are in some sense your public front door. They should not expose information about your system or model. Source: BerryVilleiML

If you answered No then you are at risk

If you are not sure, then you might be at risk too

Recommendations

Check how do you handle time and state and how is authentication implemented in your APIs.
Make sure that sensitive information such us API calls secrets are not sent in your commands.
Implement encryption at rest and in transit (TLS) and test often your APIs for vulnerabilities.

Interesting resources/references

OWASP API Security Project
BerryVilleiML
Securing Machine Learning Algorithms, ENISA
STRIDE-AI: An Approach to Identifying Vulnerabilities of Machine Learning Assets
Stride-ML Threat Model
MITRE ATLAS™ - Adversarial Threat Landscape for Artificial-Intelligence Systems