Security
Cloudflare offers the following features to help secure your APIs:
- API Discovery
- Volumetric Abuse Detection
- Sequence Analytics
- JSON Web Tokens Validation
- Mutual TLS (mTLS)
- Schema Validation
Example Cloudflare solutions
Cloudflare’s API Shield — together with other compatible Cloudflare products — helps protect your API from the issues detailed in the OWASP® API Security Top 10.
The following table provides examples of how you might match Cloudflare products to OWASP vulnerabilities:
OWASP issue | Example Cloudflare solution |
---|---|
Broken Object Level Authorization | Schema Validation |
Broken User Authentication | mTLS, Anomaly Detection, Rate Limiting, Leaked Credential Checks |
Excessive Data Exposure | Schema Validation, Sensitive Data Detection (Beta) |
Lack of Resources & Rate Limiting | Anomaly Detection, Rate Limiting, DDoS Protection |
Broken Function Level Authorization | Schema Validation |
Mass Assignment | Schema Validation, Anomaly Detection, Rate Limiting |
Security Misconfiguration | Schema Validation, Sensitive Data Detection (Beta) |
Injection | Schema Validation, WAF Managed Rules |
Improper Assets Management | Discovery |
Insufficient Logging & Monitoring | Discovery SIEM integration, Management and Monitoring |