Apigee Hybrid - Management Plane security risk

I have a query regarding the Apigee Hybrid security mechanism. Consider a scenario wherein an unauthorized user accesses the Apigee Hybrid Management plane and updates an API proxy definition to bypass certain security checks (e.g. a RegularExpression policy used for SQL injection detection). In this case the revised API proxy definition might get synchronized with the Apigee runtime, making the API prone to SQL injection attacks.

Is there a way to prevent this type of Management plane attack? Will it be possible to apply any additional checks at the API Runtime level to identify such changes?

Is it possible to apply any controls on the API Proxy sync mechanism from Management Plane to Runtime Plane?
