Prophaze Cloud API Security Platform is designed to comprehensively safeguard APIs from a wide range of threats, including the OWASP Top 10 API vulnerabilities, DDoS attacks, and malicious bots. Delivered as a cloud-native service, the platform offers seamless scalability, centralized visibility, and simplified deployment without the need for on-premise components.

Key capabilities of the Prophaze SaaS-based API Security solution include:

• Automatic positive security model to enforce consistent boundary validation on API requests.

• Behavioral analysis to distinguish legitimate traffic from malicious bots and payloads.

• Pattern enforcement using regular expressions to validate required parameters in message bodies.

• Rate limiting for inbound to prevent abuse.

• Native integration with leading API management vendors.

• Decoding of OpenAPI (Swagger) files as well as headers and body payloads.

• Support for complex data formats and multiple API protocols, including REST, GraphQL, and gRPC, capable of decoding nested and encoded payloads (e.g., JSON within Base64).

• Swagger-based enforcement of API structure directly within the cloud WAF, either through file upload or automatic API discovery.

• Context-aware blocking of API requests with missing or excessive parameters based on the Swagger template.

• Protection against application-layer DDoS attacks targeting API endpoints.

• Real-time detection of abnormal traffic patterns or anomalous behavior.

• Granular visibility of OWASP Top 10 threats in the console.

• End-to-end encryption using TLS 1.3 to secure API traffic.