AI-Powered Cyber-Attack Protection for APIs with WSO2 and PingIntelligence

The exponential increase in API adoption has made APIs a prime target for hackers who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. Because of the complexity of these attacks and the different access patterns and users of an API, static security controls alone cannot prevent a breach. That’s why we partnered with Ping Identity to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.

WSO2 API Manager is a unique open source approach to addressing the full API lifecycle. It offers various static policy-based options for security and access control. These include:

  • OAuth 2.0 authentication and authorization for API access
  • Request and response validation against the most common request based attacks such as SQL injection, parsing attacks, and schema poisoning
  • API policy creation and enforcement based on specific parser properties and regular expressions
  • Support for many types of rate limiting capabilities including rate limits by request counts and network bandwidth usage
  • The ability to assign quotas to users, applications, IP addresses, devices, and regions among other things

PingIntelligence for APIs is the leading solution for AI-powered API cybersecurity. It helps enterprises augment their static controls and extend their security capabilities with continuous, proactive API threat monitoring and detection that automatically discovers anomalous API traffic behavior. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognize and respond to attacks which fly under the radar of foundational API security measures, and target API vulnerabilities—without policies, rules or code. These include:

  • Credential stuffing and brute-force attacks on login systems
  • Layer 7 DDoS attacks that scrape data and disrupt API services
  • Taking over accounts using stolen cookies, tokens or API keys
  • Rogue insiders exfiltrating data in small amounts over extended periods of time

WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE), which can be deployed in the WSO2 API Gateway. This means that WSO2 API Manager users can apply AI-based security analysis for their APIs along with static policy-based security controls. Meanwhile, PingIntelligence users can utilize AI-based analytics when they externally expose their services as APIs.

To learn more about how the extension works and what attacks it can detect, read WSO2 Associate Director and Architect Sanjeewa Malalgoda’s article or register for our webinar. Download the extension for WSO2 API Manager here.

Women in Open Source Tech Roundup: April and May 2019

We launched a campaign to celebrate the intelligent, awesome, and interesting personalities behind our technology earlier in the year. In April and May, we spoke to female software engineers, a technical writer, an enterprise architect, and a research engineer to find out how they found themselves where they are today and why they want more girls to join this industry.

This roundup gives you the chance to get to know them better.

Dakshitha Ratnayake

We started April by featuring Dakshitha, an enterprise architect at WSO2’s CTO office. Dakshitha defines success in life as being the ability to juggle both motherhood and career development to the best of her ability. “Keep learning” is her mantra, because change is constant and it’s never too late to learn, adapt, and improve yourself in the long run. When she’s not at work, she loves to run, play basketball, sing, bake, and cook – Dakshitha has a lot going on always!

Some interesting facts about Dakshitha…

  • Pet peeve: Cantankerous keyboard warriors
  • Childhood ambition: To become an astronaut
  • If she weren’t an enterprise architect, she’d be a writer, a chef, or a teacher.

Anupama Pathirage

As a teenager, Anupama wanted to be a hacker. But she became a software engineer instead and is currently a technical lead for Ballerina, a cloud native programming language. Anupama first came across a programming language as a teenager, and she never thought that one day she would be working on developing a new programming language from scratch. Success for Anupama is the ability to be satisfied with whatever we choose to do in life.

Some interesting facts about Anupama…

  • Pet peeve: People who constantly talk about doing something but never take action or follow through
  • Childhood ambition: To become a computer system hacker (of course!)
  • If she weren’t a software engineer, she’d be an entrepreneur.

Sinthuja Rajendran

Sinthuja is a senior technical lead at WSO2. She loves her job as it involves conducting research about current and emerging trends in technology, and advising others in her team. Although she studied telecommunications engineering at university, her true career passion lies in computer science and software engineering. For Sinthuja, success is inner happiness – whether it’s following your dreams or you’re delighted that you performed a simple task better than you initially anticipated.

Some interesting facts about Sinthuja…

  • Pet peeve: Expecting great results sans the effort
  • Childhood ambition: To become a pilot
  • If she weren’t a software engineer, she’d be an interior designer.

Yvonne Wickramasinghe

Yvonne loves animals, helping to rescue stray animals wherever she can. She’s passionate about nature, raising awareness on issues such as deforestation and environmental damage. Yvonne is also a technical writer at WSO2. She believes in being true to one’s self to achieve success and advises others to not be afraid of failure. Yvonne thinks that women have a remarkable ability to thrive in fast-paced environments – and sometimes, this can lead to misinterpretations.

Some interesting facts about Yvonne…

  • Pet peeves: Cruelty to animals, deforestation, and destroying nature
  • Childhood ambition: To become a medical practitioner
  • If she weren’t a technical writer, she’d be a business analyst or product manager.

Nayantara Jeyaraj

Nayantara (or Taro, as she’s more commonly known) loves music, Instagramming, and pop culture. When she was at university, she learnt about the digital divide in today’s world. Eventually, this is what spurred her to become a research engineer so that she can contribute to bridging this gap – in whichever way she can through her work. She encourages others to move out of their comfort zones, keep learning, and introduce new ideas.

Some interesting facts about Taro…

  • Pet peeve: When someone says that they don’t like k-pop, even worse, BTS
  • Childhood ambition: To be an adventure-fiction writer
  • If she weren’t a research engineer, she’d be a pop-culture content producer at BuzzFeed.

Keep a lookout on our LinkedIn and Twitter pages because we’ll be featuring more of these videos in June. Kudos to Ishara and Vidyas for being a part of this project with me behind the scenes. We’d love to hear from more women who work in open source technology to learn more about your experiences. Drop us an email on vichitra@wso2.com and isharan@wso2.com to be a part of this campaign.

Enterprise Integrator 6.5.0 Focuses on Integration Developer Productivity

We are pleased to announce the release of WSO2 Enterprise Integrator 6.5.0. Our latest release includes unified integration and a data integration runtime (Integrator) as well as a micro integration runtime (Micro Integrator) and a comprehensive tooling distribution (Integration Studio) to support both runtimes.

This release aims at addressing developer productivity and cloud native integration requirements more comprehensively than ever. This has been one of the most anticipated WSO2 Enterprise Integrator releases, as it brings new product components and features specifically targeted at improving integration developers’ productivity as well as helping developers easily build and deploy container-native integration solutions. Following are the major highlights.

WSO2 Integration Studio

The integration team invested significant time and effort with the objective of improving the user experience and developer productivity of WSO2 Enterprise Integrator tooling. Some implementation targets for the new tooling included adding runtime validation of code, improving the look and feel of the tool palette and development canvas, improving the utilization of screen space, providing selection options for every possible configuration option, reducing the clicks and configuration steps, and adding Docker and WSO2 Integration Cloud support. In addition to the Integration Studio, we have improved the integration and micro integrator runtime with feature additions as well.

Some major capability enhancements are listed below:

  • New design for a superior graphical developer experience
  • Built-in micro runtime to support improved testing and debugging of integration artifacts
  • Capability to build Docker images from the development tool itself using runtime artifacts
  • Seamless experience to deploy integration artifacts into WSO2 Integration Cloud
  • Built-in project templates for faster initiation of new integration projects and artifacts
  • Artifact validation and error detection during the development stage of integration projects

WSO2 Micro Integrator

WSO2 Micro Integrator runtime is a lightweight product based on the same technology as that of WSO2 Integrator. Hence, artifacts developed for WSO2 Integrator (ESB) are fully compatible with WSO2 Micro Integrator. The reduced size and rapid startup time make this the ideal solution for enterprises that are planning to move into microservices and container deployable solutions. WSO2 Micro Integrator has been streamlined for developing composite microservices by orchestrating several services within a microservice implementation.

Key capabilities of WSO2 Micro Integrator runtime include:

  • Reduced startup time (< 5s)
  • Seamless deployment of integration artifacts from WSO2 Integration Studio
  • Reduced distribution size (< 150 MB)
  • Ability to generate micro integrator Docker images from WSO2 Integration Studio with integration artifacts
  • REST API to monitor and manage micro integrator runtime
  • CLI tool to inspect artifacts of micro integrator
  • Built-in monitoring capabilities with Prometheus, ELK, and WSO2 Integration Analytics

WSO2 Integrator Runtime

WSO2 Integrator runtime is the most common deployment environment used by a majority of WSO2 Integration platform customers. In this new release, we are introducing the following key capabilities to enhance integration development.

  • A new mediator named Property Group that enhances the usability by providing the ability to configure multiple properties inside a single mediator
  • Native JSON support for Iterate, Aggregate, and Enrich mediators
  • Message Processor improvements to handle poison messages
  • Enhanced REST support for Data Service JSON payloads
  • OData Support for MongoDB
  • Support to monitor statistics with Prometheus
  • Security fixes and bug fixes implemented since the previous release

Other Runtimes Packaged with WSO2 Enterprise Integrator

Bug fixes and security fixes that were done since the previous WSO2 Enterprise Integrator release are incorporated into WSO2 Business Process and WSO2 Message Broker runtimes.

Furthermore, in this release, we are announcing the deprecation of WSO2 Microservices for Java (MSF4J) runtime packaged within WSO2 Enterprise Integrator. The compelling reason for this is that we see more value added to users from the WSO2 MSF4J GitHub project and its artifacts since many microservice developers will use it as a dependency rather than a server runtime. Hence, we believe MSF4J is more useful for developers in its GitHub-based release cycle, so it won’t be packaged with WSO2 Enterprise Integrator in future releases.

To learn more about the latest release, features, and what it means for your experience, join our webinar on June 6, 2019.

We have also organized a webinar series with comprehensive discussions on WSO2 Integration Studio and how it can be used for integration efforts in your enterprise.