We are planning to use an API Gateway to facilitate several REST API calls. Some of these calls will result in querying and returning highly confidential data. It appears that the API Gateway service (Oracle API Gateway) has built-in and configurable security policies that can detect and prevent Layer 7 attacks executed against our APIs. The last thing we need is someone being able to execute a successful SQL injection and exfiltrate our sensitive data.

I’ve also been reading up on the need for a WAF here. Could someone help me understand how a WAF would assist or augment the Web API protections that the API Gateway itself has?
