API Security Visibility Case Study for Mobile Carrier

This case study details the efforts of one of the largest mobile phone carriers in the United States to gain complete visibility into its API footprint. The security team aimed to identify unmanaged and unsecure APIs that could pose risks to their network. Utilizing Cequence's API Spyder, the team discovered thousands of unmanaged APIs that were previously invisible to them. The API Spyder tool automated the discovery process, replacing a labor-intensive manual approach and ensuring continuous monitoring of their API landscape. The findings revealed significant security issues, including unsecured non-production servers, vulnerabilities related to Log4J, SSL certificate problems, and exposed files containing sensitive information. The case study outlines the importance of having a comprehensive API attack surface report and highlights the steps taken to remediate identified security issues, ultimately enhancing the security posture of the organization.