API Posture Management Changelog 2025-03-18 #21826
Merged: patriciasantaana merged 7 commits into cloudflare:production from cosgrove-cf:production on Apr 18, 2025.
Commits:

- b2d9c9e (cosgrove-cf): Add changelog entry for API Posture Management
- 98ab6ab (cosgrove-cf): Update changelog entry for API Shield 2025-03-18
- 8a0ede3 (cosgrove-cf): Merge branch 'cloudflare:production' into changelog-apishield-1
- 658ed1a (cosgrove-cf): Merge pull request #1 from cosgrove-cf/changelog-apishield-1
- 7f7d768 (patriciasantaana): Spacing and minor copy edits
- edd3797 (patriciasantaana): Added link and minor copy edits
- 3849023 (kodster28): Apply suggestions from code review
src/content/changelog/api-shield/2025-03-18-api-posture-management.mdx: 32 additions & 0 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| --- | ||
| title: New API Posture Management for API Shield | ||
| description: Monitor for API-specific threats and risks with Posture Management for API Shield | ||
| date: 2025-03-18T11:00:00Z | ||
| --- | ||
|
|
||
| Now, API Shield **automatically** labels your API inventory with API-specific risks so that you can track and manage risks to your APIs. | ||
|
|
||
| View these risks in [Endpoint Management](https://developers.cloudflare.com/api-shield/management-and-monitoring/) by label: | ||
|
|
||
|  | ||
|
|
||
| ...or in [Security Center Insights](https://developers.cloudflare.com/security-center/security-insights/): | ||
|
||
|
|
||
|  | ||
|
|
||
| API Shield will scan for risks on your API inventory daily. Here are the new risks we're scanning for and automatically labelling: | ||
| - **cf-risk-sensitive**: applied if the customer is subscribed to the sensitive data detection ruleset and the WAF detects sensitive data returned on an endpoint in the last 7 days. | ||
|
||
| - **cf-risk-missing-auth**: applied if the customer has configured a session ID and no successful requests to the endpoint contain the session ID. | ||
| - **cf-risk-mixed-auth**: applied if the customer has configured a session ID and some successful requests to the endpoint contain the session ID while some lack the session ID. | ||
| - **cf-risk-missing-schema**: added when a learned schema is available for an endpoint that has no active schema. | ||
| - **cf-risk-error-anomaly**: added when an endpoint experiences a recent increase in response errors over the last 24 hours. | ||
| - **cf-risk-latency-anomaly**: added when an endpoint experiences a recent increase in response latency over the last 24 hours. | ||
| - **cf-risk-size-anomaly**: added when an endpoint experiences a spike in response body size over the last 24 hours. | ||
|
|
||
| In addition, API Shield has two new 'beta' scans for **Broken Object Level Authorization (BOLA) attacks**. If you're in the beta, you'll see the following two labels when API Shield suspects an endpoint is suffering from a BOLA vulnerability: | ||
|
||
| - **cf-risk-bola-enumeration**: added when an endpoint experiences successful responses with drastic differences in the number of unique elements requested by different user sessions. | ||
|
||
| - **cf-risk-bola-pollution**: added when an endpoint experiences successful responses where parameters are found in multiple places in the request. | ||
|
|
||
| We are currently accepting more customers into our beta. Please contact your account team if you are interested in BOLA attack detection for your API. | ||
|
||
|
|
||
| Read our [blog post](https://blog.cloudflare.com/cloudflare-security-posture-management/) to learn more about Cloudflare's expanded posture management capabilities. | ||
|
||
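Review bot: the entry states when each cf-risk-* label is added but never when one is removed, so a reader cannot tell whether cf-risk-error-anomaly, cf-risk-latency-anomaly and cf-risk-size-anomaly (each defined over the last 24 hours) or cf-risk-sensitive (last 7 days) clear automatically once the daily scan no longer finds the condition, or whether they persist until someone acts; add a sentence on label lifecycle right after "API Shield will scan for risks on your API inventory daily." Similarly, cf-risk-missing-auth and cf-risk-mixed-auth both hinge on "the customer has configured a session ID", but nothing says where that is configured or what happens to those two labels for customers who have not configured one; a link in the same style as the existing Endpoint Management link, plus a note that the two labels are skipped (or not) without a session ID, would make them actionable.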