Rapid Penetration Test for Securing Channel APIs in Hybrid Cloud (Dynamic Defense of Channel API)


Luiza Nacshon¹ and Anna Sandler², ¹Senior Security Engineer, Red Hat, Israel, ²Software Engineer, Red Hat, Washington D.C.


The goal of this research is to explore the security aspects of the hybrid Cloud Channel API world in greater depth and to develop a rapid penetration testing tool that will help security researchers test Cloud Channel API security more effectively. The research proposes an innovative proxy-based solution for a rapid reactive test that implements a dynamic defence for the channel API in the hybrid cloud. The proxy-based solution executes security testing rules against channel API requests and validates weaknesses or vulnerabilities as a dynamic defence. Malicious or vulnerable requests may be denied, dropped, or alerted on, and the results and decisions will be reflected in the API management dashboard. In the scope of this paper we focus on known API attacks; in future work we plan to add a machine learning algorithm for unknown and new channel API attacks.


OpenShift, channel API, security, hybrid cloud, penetration test.

Volume 13, Number 3