About L7defense
Transforming How Companies Operate Their Cybersecurity
L7 Defense helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks. APIs have become critical for data sharing and applications integration and are therefore an attractive path for malicious attacks that expose organizations to new, continuously evolving threats.
With a team of experienced leaders and innovators, L7 Defense revolutionizes the way organizations protect their APIs using its advanced AI-based technology.
Ammune™, L7 Defense’s platform technology, received in 2020 a Product Leadership Award by Frost & Sullivan for protecting APIs thanks to its novel unsupervised learning AI approach of protecting APIs.
Technology Alliances
L7 Defense operates at leading public clouds, collaborating with major tech vendors, to provide organizations with top-notch inline API security.
API-WAF Module
“OWASP Top 10 Web Application
Security Risks”
# | Attack Type |
---|---|
A-1 | Injection |
A-2 | Broken Authentication |
A-3 | Sensitive Data Exposure |
A-4 | XML External Entities (XXE) |
A-5 | Broken Access Control |
A-6 | Security Misconfiguration |
A-7 | Cross-Site Scripting (XSS) |
A-8 | Insecure Deserialization |
A-9 | Using Components with Known Vulnerabilities |
A-10 | Insufficient Logging & Monitoring |
“OWASP Top 10 API Security Risks”
# | Attack Type |
---|---|
API-3 | Excessive Data Exposure |
API-4 | Lack of Resources & Rate Limiting |
API-7 | Security Misconfiguration |
API-8 | Injection |
API-9 | Improper Assets Management |
API-10 | Insufficient Logging & Monitoring |
API 1,2,5,6 are crossed out as they are listed under the Business Logic (BL) type attacks
API-BL Module
The API-BL module protects APIs from Business Logic (BL) attacks that can lead to forbidden data or functionality access, or to abused business processes and fraud. These attacks partially appear in the “OWASP Top 10 – API security list”, while additional attack types were added by L7Defense. Ammune™ performs in-session traffic analysis to identify these attack patterns in real time, including session as well as historical data points. Together with the API-WAF module, this module completes the first line of protection
“OWASP Top 10 API Security Risks”
# | Attack Type |
---|---|
API-1 | Broken Object Level Authorization |
API-2 | Broken User Authentication |
API-5 | Broken Function Level Authorization |
API-6 | Mass Assignment |
API 3,4,7,8,9,10 are crossed out as they are listed under the WAF type attacks
More API Security Risks
# | Attack Type |
---|---|
L7B-1 | Broken payment flow – missing bind between payment and order |
L7B-2 | Broken payment flow – insufficient input validation |
L7B-3 | Broken credentials restore flow |
L7B-4 | Broken credentials revoke flow |
L7B-5 | JWT Token tampering |
L7B-6 | Insufficient 3rd party application trust |
Those are new attack types currently not part of the OWASP list
API-BOT Module
The API-BOT module protects APIs from business-related bot attacks as they appear in the “Automated Threats to Web Applications” list, also known as “OWASP Top 20”. The module performs real-time full deep packet inspection (DPI), followed by near real-time AI/ML analysis of the API(s) traffic, content, context, and metadata, using specific bot activity measurements that are made according to bot type activity characteristics
“OWASP Top 20 Automated Threats to Web Applications”
# | Attack type |
---|---|
OAT-1 | Carding |
OAT-2 | Token Cracking |
OAT-3 | Ad Fraud |
OAT-4 | Fingerprinting |
OAT-5 | Scalping |
OAT-6 | Expediting |
OAT-7 | Credential Cracking |
OAT-8 | Credential Stuffing |
OAT-9 | CAPTCHA Defeat |
OAT-10 | Card Cracking |
# | Attack type |
---|---|
OAT-11 | Scraping |
OAT-12 | Cashing out |
OAT-13 | Sniping |
OAT-14 | Vulnerability Scanning |
OAT-15 | Denial of Service |
OAT-16 | Skewing |
OAT-17 | Spamming |
OAT-18 | Footprinting |
OAT-19 | Account Creation |
OAT-20 | Account Aggregation |
API-DDoS Module
Top API-DDoS Security Risks (HTTP/s)
# | Attack type |
---|---|
L7D-1 | Classical botnets flood attack |
L7D-2 | Human mimicking attack |
L7D-3 | AI-based optimization attack |
L7D-4 | Heavy file downloads attack |
L7D-5 | Rotating IP’s attack |
L7D-6 | IoT source IP’s / anonymous proxies attacks |
L7D-7 | Multiple vectors attacking simultaneously |
L7D-8 | Request content randomization attack |
L7D-9 | “Out of scheme” parameters and contents attack |
L7D-10 | Cache evading attack |
# | Attack type |
---|---|
L7D-11 | Hit & run / randomly changing traffic volumes attack |
L7D-12 | Baseline poisoning attack |
L7D-13 | Flash crowding mimicking event attack |
L7D-14 | Attack occurs through flash crowding event |
L7D-15 | Asymmetric requests attack |
L7D-16 | Brute force attack |
L7D-17 | SlowLoris and slow-post attack |
L7D-18 | Slow read attack |
L7D-19 | SSL re-negotiation attack |
L7D-20 | SSL session exhaustion attack |
Use Cases
“We found out very quickly that we can truly rely on L7 Defense’s Ammune to detect Applicative DDoS threats on APIs with no additional overhead – Well done!”
Protecting APIs in Legacy Environment
“We had a gap in our applicative security measures, and the constant maintenance and updates overloaded our SOC staff. L7 Defense’s Ammune was the solution chosen to best remedy the situation – and it plugged the gap.”
Protecting APIs in AWS Cloud
“L7 Defense Ammune was installed in less than an hour by our in-house team. It was very easy to implement, and it required no further system updates. L7 Defense’s support team was available to us at all times.”