What is a Zombie API? — API Cybersecurity 101 with Brenton House
Don’t let an API bring on the Zombie Apocalypse! Keep your APIs up-to-date with the latest API Security Best Practices!
This is part of the API Cybersecurity 101 series by Software AG’s Senior API Strategist, Brenton House. A continuing series on API Security and Cybersecurity.
Have you ever come across an older API at your organization that was built by another team, or possibly by a contractor that no longer works with your company?
The API works fine, with no major bugs and no complaints from its users.
You may be thinking:
"If it ain't broke, don't fix it."
THIS… is a Zombie API.
Before we get into the details of a Zombie API, let’s back up a bit and define some terms:
What is an API?
The acronym API stands for Application Programming Interface. Basically, it is a way for non-human systems (or applications) to talk to each other in an agreed-upon way! Most often, people are talking about Web APIs, which include things like REST, GraphQL, gRPC, SOAP, etc. The introduction of smartphones caused exponential growth in the adoption of APIs, as pretty much every single mobile application uses APIs.
What is API Security?
The simple answer is that it is about applying and managing security for your APIs, but we all know there is nothing simple about API Security.
There are 7 basic categories for APIs.
- Public APIs
- Internal APIs
- Partner APIs
- Composite APIs
- Shadow APIs
- Zombie APIs
- Frankenstein APIs
So what is a Zombie API?
A Zombie API is an API that never gets updated because, well, it just works.
The problem arises when the Zombie API suddenly exposes a security vulnerability at your organization because it is missing the latest library and SDK updates in which these vulnerabilities were patched.
Nobody wants to update Zombie APIs.
It is often categorized as "Technical Debt" because it requires work that the customer isn't directly asking for.
Don’t be fooled.
Nobody wants the Zombie Apocalypse.
Not you,
Not your customers,
Nobody.
Keep your APIs up-to-date…
or shut them down!
Stay prepared and you just might survive the Zombie Apocalypse! 🧟
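An added example, not from the original article or from Software AG: a small inventory check that flags APIs matching the description above (never updated, no owner, libraries below the patched release) and picks between updating and shutting down. The inventory entries, the library name `examplelib`, the advisory table and the 365-day threshold are all constructed assumptions.

```python
from datetime import date

# Constructed inventory: service names, owners, dates, traffic and versions are made up.
INVENTORY = [
    {"name": "orders-v1", "owner": None, "last_deploy": date(2019, 3, 2),
     "requests_30d": 48210, "deps": {"examplelib": "1.2.0"}},
    {"name": "billing-v3", "owner": "payments-team", "last_deploy": date(2024, 5, 20),
     "requests_30d": 910334, "deps": {"examplelib": "1.4.2"}},
    {"name": "legacy-export", "owner": None, "last_deploy": date(2018, 11, 9),
     "requests_30d": 0, "deps": {"examplelib": "1.0.1"}},
]
# Constructed advisory data: first release of each library that contains the fix.
PATCHED_IN = {"examplelib": "1.4.0"}


def version_tuple(version):
    """Turn '1.4.0' into (1, 4, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def unpatched_deps(api, patched_in=PATCHED_IN):
    """Libraries pinned below the release that fixed a known vulnerability."""
    return sorted(lib for lib, ver in api["deps"].items()
                  if lib in patched_in and version_tuple(ver) < version_tuple(patched_in[lib]))


def triage(api, today, max_age_days=365):
    """Flag an API that 'just works' but is never updated, and pick update or shut down."""
    age_days = (today - api["last_deploy"]).days
    zombie = age_days > max_age_days
    behind = unpatched_deps(api)
    findings = []
    if zombie:
        findings.append(f"no deploy for {age_days} days")
    if behind:
        findings.append("unpatched: " + ", ".join(behind))
    if api["owner"] is None:
        findings.append("no owning team")
    if zombie and api["requests_30d"] == 0:
        action = "shut down"   # nobody calls it: retire it instead of patching
    elif zombie or behind:
        action = "update"      # otherwise patch it and make sure it has an owner
    else:
        action = "none"
    return {"name": api["name"], "zombie": zombie, "action": action, "findings": findings}


if __name__ == "__main__":
    for entry in INVENTORY:
        print(triage(entry, today=date(2024, 6, 1)))
```

In practice the inventory would come from an API gateway or service catalog and the patched versions from a dependency scanner; both sources are assumptions here.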
About Brenton House
Brenton House is Vice President of Digital Evangelism at Software AG. As an API and Digital Transformation Evangelist and Strategist, he has connected enterprises with API solutions and microservices, to help drive innovation and overall business growth for many organizations.
In his 25+ years of experience, he has worked across many industries including broadcasting, advertising, retail, financial services, supply chain, transportation, technology, and publishing — gaining a breadth of knowledge on all things APIs and Integrations. His diverse experience set and unique creative skill sets have enabled him to equip organizations in creating captivating and innovative products that delight users.