{"id":1109,"date":"2018-07-17T19:28:39","date_gmt":"2018-07-17T23:28:39","guid":{"rendered":"https:\/\/orendasecurity.com\/?p=1109"},"modified":"2019-11-01T19:34:04","modified_gmt":"2019-11-01T23:34:04","slug":"securiser-les-api-pour-les-applications-dentreprises","status":"publish","type":"post","link":"https:\/\/orendasecurity.com\/fr\/blog\/securiser-les-api-pour-les-applications-dentreprises\/","title":{"rendered":"SECURING APIS FOR BUSINESS APPLICATIONS"},"content":{"rendered":"<p>Application programming interfaces (APIs) facilitate essential technology services for today\u2019s businesses across all verticals. APIs are the primary method for accessing data through digital channels such as mobile and web applications, the cloud and the Internet of Things (IoT), allowing organizations to access and share information with their customers and partners more efficiently.<\/p>\n<p>With APIs now part of the industry standards for enterprise architectures, security risks have become a major concern. Cyber threats and cyberattacks increasingly target business applications, given their accessibility through cloud, mobile and on-premises environments. The API can be a major point of vulnerability, considering its ability to offer programmatic access to external developers. 
Ultimately, depending on how the API was programmed, it could seriously expose data to exploits in back-end applications and networks, and extend the attack surface even further.<\/p>\n<p>APIs could be exposed to several threats and vulnerabilities, allowing cyber predators to target the underlying system, the application server or even the API itself. Vulnerabilities related to system configuration and patching must be assessed to remediate the risks associated with configuration issues, end-of-life software or patches. The application server that hosts the API could be subject to session hijacking or to vulnerabilities related to inadequate security configurations. The hosted API itself could be the site of injection attacks, access control issues or sensitive data exposure. It is important to understand every level of potential risk associated with APIs and their related components.<\/p>\n<p>There are fundamental protection methods that should be put in place to mitigate the risks to the essential APIs in your environment. The earlier security processes are incorporated into API deployment, the better. 
At the planning stage, architects and developers should consider questions of dependencies, authentication and authorization, and the data integrity issues that will affect the APIs after they have been developed and deployed to production. For example, controlling access to APIs is essential to mitigate identity risks and session threats. It is essential to separate the identity of the user from the application that accesses the API. API providers should be able to uniquely identify an application and control the operations that the application itself can perform. These measures should be part of the security policies and standard practices that govern the development of secure APIs and applications.<\/p>\n<p>During development, the policies established to secure the APIs should be exercised. Before deployment to production, APIs should undergo <a href=\"https:\/\/orendasecurity.com\/services\/penetration-testing-services\/\">penetration testing<\/a> to identify any vulnerability that could be exploited to compromise sensitive business information. In production, APIs should be monitored to detect any performance issues or threats that could indicate a potential security incident. Quality of service (QoS) should be established to mitigate denial-of-service and flooding attacks. 
Continuous dynamic application <a href=\"https:\/\/orendasecurity.com\/services\/dynamic-application-security-testing\/\">security<\/a> testing (DAST) and periodic penetration tests should be part of the API protection strategy. APIs are too essential to businesses to ignore the implications of leaving security out of their API strategy. Establish an API security strategy, execute it and monitor continuously.<\/p>\n<p>&nbsp;<\/p>\n<!--themify_builder_content-->\n<div id=\"themify_builder_content-1109\" data-postid=\"1109\" class=\"themify_builder_content themify_builder_content-1109 themify_builder tf_clear\">\n    <\/div>\n<!--\/themify_builder_content-->\n","protected":false},"excerpt":{"rendered":"<p>Application programming interfaces (APIs) facilitate essential technology services for today\u2019s businesses across all verticals. 
APIs are the primary method for accessing data through digital channels such as mobile and web applications, the cloud and the Internet of Things (IoT), allowing organizations to access and share [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[41],"tags":[],"class_list":["post-1109","post","type-post","status-publish","format-standard","hentry","category-affaires-et-securite","has-post-title","has-post-date","has-post-category","has-post-tag","has-post-comment","has-post-author",""],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES - Orenda Security<\/title>\n<meta name=\"description\" content=\"Les interfaces de programme d\u2019application (API) facilitent les services technologiques critiques pour les entreprises d\u2019aujourd\u2019hui, dans tous les secteurs.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES - Orenda Security\" \/>\n<meta property=\"og:description\" content=\"Les interfaces de programme d\u2019application (API) facilitent les services technologiques critiques pour les entreprises d\u2019aujourd\u2019hui, dans tous 
les secteurs.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Orenda Security\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-17T23:28:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-11-01T23:34:04+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/es\\\/blog\\\/securing-apis-for-business-applications-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/es\\\/blog\\\/securing-apis-for-business-applications-2\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#\\\/schema\\\/person\\\/71e78bbd148633574ef05cbd43aa3789\"},\"headline\":\"S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES\",\"datePublished\":\"2018-07-17T23:28:39+00:00\",\"dateModified\":\"2019-11-01T23:34:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/es\\\/blog\\\/securing-apis-for-business-applications-2\\\/\"},\"wordCount\":711,\"publisher\":{\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#organization\"},\"articleSection\":[\"Affaires et 
s\u00e9curit\u00e9\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/es\\\/blog\\\/securing-apis-for-business-applications-2\\\/\",\"url\":\"https:\\\/\\\/orendasecurity.com\\\/es\\\/blog\\\/securing-apis-for-business-applications-2\\\/\",\"name\":\"S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES - Orenda Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#website\"},\"datePublished\":\"2018-07-17T23:28:39+00:00\",\"dateModified\":\"2019-11-01T23:34:04+00:00\",\"description\":\"Les interfaces de programme d\u2019application (API) facilitent les services technologiques critiques pour les entreprises d\u2019aujourd\u2019hui, dans tous les secteurs.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/es\\\/blog\\\/securing-apis-for-business-applications-2\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/orendasecurity.com\\\/es\\\/blog\\\/securing-apis-for-business-applications-2\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/es\\\/blog\\\/securing-apis-for-business-applications-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/orendasecurity.com\\\/fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#website\",\"url\":\"https:\\\/\\\/orendasecurity.com\\\/\",\"name\":\"Orenda 
Security\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/orendasecurity.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#organization\",\"name\":\"Orenda Security\",\"url\":\"https:\\\/\\\/orendasecurity.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/orendasecurity.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/OrendaSecurity__Logo.png\",\"contentUrl\":\"https:\\\/\\\/orendasecurity.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/OrendaSecurity__Logo.png\",\"width\":432,\"height\":173,\"caption\":\"Orenda Security\"},\"image\":{\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/orendasecurity.com\\\/#\\\/schema\\\/person\\\/71e78bbd148633574ef05cbd43aa3789\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0bd3dc4178cf2a15d73d4bebfcdb5d4d02946737d7635bc4749f7b0d68d1bc58?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0bd3dc4178cf2a15d73d4bebfcdb5d4d02946737d7635bc4749f7b0d68d1bc58?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0bd3dc4178cf2a15d73d4bebfcdb5d4d02946737d7635bc4749f7b0d68d1bc58?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"url\":\"https:\\\/\\\/orendasecurity.com\\\/fr\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES - Orenda Security","description":"Les interfaces de programme d\u2019application (API) facilitent les services technologiques critiques pour les entreprises d\u2019aujourd\u2019hui, dans tous les secteurs.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/","og_locale":"fr_FR","og_type":"article","og_title":"S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES - Orenda Security","og_description":"Les interfaces de programme d\u2019application (API) facilitent les services technologiques critiques pour les entreprises d\u2019aujourd\u2019hui, dans tous les secteurs.","og_url":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/","og_site_name":"Orenda Security","article_published_time":"2018-07-17T23:28:39+00:00","article_modified_time":"2019-11-01T23:34:04+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"admin","Dur\u00e9e de lecture estim\u00e9e":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/#article","isPartOf":{"@id":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/"},"author":{"name":"admin","@id":"https:\/\/orendasecurity.com\/#\/schema\/person\/71e78bbd148633574ef05cbd43aa3789"},"headline":"S\u00c9CURISER LES API POUR LES APPLICATIONS 
D\u2019ENTREPRISES","datePublished":"2018-07-17T23:28:39+00:00","dateModified":"2019-11-01T23:34:04+00:00","mainEntityOfPage":{"@id":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/"},"wordCount":711,"publisher":{"@id":"https:\/\/orendasecurity.com\/#organization"},"articleSection":["Affaires et s\u00e9curit\u00e9"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/","url":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/","name":"S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES - Orenda Security","isPartOf":{"@id":"https:\/\/orendasecurity.com\/#website"},"datePublished":"2018-07-17T23:28:39+00:00","dateModified":"2019-11-01T23:34:04+00:00","description":"Les interfaces de programme d\u2019application (API) facilitent les services technologiques critiques pour les entreprises d\u2019aujourd\u2019hui, dans tous les secteurs.","breadcrumb":{"@id":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/orendasecurity.com\/es\/blog\/securing-apis-for-business-applications-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/orendasecurity.com\/fr\/"},{"@type":"ListItem","position":2,"name":"S\u00c9CURISER LES API POUR LES APPLICATIONS D\u2019ENTREPRISES"}]},{"@type":"WebSite","@id":"https:\/\/orendasecurity.com\/#website","url":"https:\/\/orendasecurity.com\/","name":"Orenda 
Security","description":"","publisher":{"@id":"https:\/\/orendasecurity.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/orendasecurity.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/orendasecurity.com\/#organization","name":"Orenda Security","url":"https:\/\/orendasecurity.com\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/orendasecurity.com\/#\/schema\/logo\/image\/","url":"https:\/\/orendasecurity.com\/wp-content\/uploads\/2019\/08\/OrendaSecurity__Logo.png","contentUrl":"https:\/\/orendasecurity.com\/wp-content\/uploads\/2019\/08\/OrendaSecurity__Logo.png","width":432,"height":173,"caption":"Orenda Security"},"image":{"@id":"https:\/\/orendasecurity.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/orendasecurity.com\/#\/schema\/person\/71e78bbd148633574ef05cbd43aa3789","name":"admin","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/0bd3dc4178cf2a15d73d4bebfcdb5d4d02946737d7635bc4749f7b0d68d1bc58?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0bd3dc4178cf2a15d73d4bebfcdb5d4d02946737d7635bc4749f7b0d68d1bc58?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0bd3dc4178cf2a15d73d4bebfcdb5d4d02946737d7635bc4749f7b0d68d1bc58?s=96&d=mm&r=g","caption":"admin"},"url":"https:\/\/orendasecurity.com\/fr\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/posts\/1109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"em
beddable":true,"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/comments?post=1109"}],"version-history":[{"count":0,"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/posts\/1109\/revisions"}],"wp:attachment":[{"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/media?parent=1109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/categories?post=1109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/orendasecurity.com\/fr\/wp-json\/wp\/v2\/tags?post=1109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}