# Secure Cloud Native APIs and Microservices

By [Ory Segal](https://www.paloaltonetworks.com/blog/author/ory-segal/?ts=markdown "Posts by Ory Segal") and [Keith Mokris](https://www.paloaltonetworks.com/blog/author/keith-mokris/?ts=markdown "Posts by Keith Mokris")

Oct 13, 2020

Cloud native applications combine a growing number of hosts and microservices, with a variety of compute options and technology stacks.
As we mention in the main [launch announcement for our latest updates](http://blog.paloaltonetworks.com/2020/10/cloud-evolution-comprehensive-cnsp), these complex architectures are only going to become more prevalent. But securing the web applications and APIs that underpin these architectures has been a challenge for security teams due to their ever-changing nature and the lack of coverage from existing web security solutions.

With the latest update to Prisma Cloud, we're delivering a security solution designed to [secure cloud native APIs and microservices infrastructure](https://www.paloaltonetworks.com/prisma/cloud/web-application-API-security) with multiple layers of protection.

## Integrating Deep WAAS Capabilities with Prisma Cloud

Prisma Cloud provides visibility and [protection](https://www.paloaltonetworks.com/blog/2020/07/cloud-autofocus-prisma-integration/) across multi- and hybrid-cloud environments. This includes both the cloud service provider (CSP) resources and services users configure, as well as the applications running on VMs, containers, [Kubernetes](https://www.paloaltonetworks.com/blog/prisma-cloud/open-policy-agent-support/) and [serverless](https://www.paloaltonetworks.com/blog/prisma-cloud/protect-serverless-functions/).

![Prisma Cloud architecture highlighting WAAS protection coverage, including the management console, platform support from the Prisma Cloud agent, and what is protected (web attacks, bots and automation, app DoS attacks and API abuse).](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/WAAS-protection-coverage.png)

Prisma Cloud architecture highlighting WAAS protection coverage.

By integrating deep web application and API security (WAAS) capabilities into our platform and unified agent framework, DevOps, application security professionals and security architects get a seamless platform that also includes vulnerability management, runtime defense and access control capabilities.

Here are a few of the capabilities in this new module that help secure cloud native APIs and microservices.

## Auto-Discovery of Unprotected Web Applications and APIs

Prisma Cloud [Radar](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/radar) already delivers a real-time network topology of application communications integrated with vulnerability, compliance and runtime status. With these new WAAS capabilities, it now also automatically identifies running web applications and APIs along with their protection status.

![Prisma Cloud Radar displaying web application protection status](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/App-radar-1.png)

Prisma Cloud Radar displaying web application protection status.

## OWASP Top 10 Protection

Prisma Cloud can easily be configured to alert on and prevent leading attack scenarios as part of the [OWASP Top 10](https://owasp.org/www-project-top-ten/), including SQL injection, [cross-site scripting (XSS)](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting), Shellshock, [brute-force](https://www.paloaltonetworks.com/cyberpedia/brute-force) login attacks and more.

![Web Application and API Security configuration screen in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/WAAS-configuration.png)

Web Application and API Security configuration in Prisma Cloud.

In addition, Prisma Cloud now offers the ability to disable, alert on, prevent or ban offending clients in these scenarios based on specific rule configurations for each application.

## API Protection

Web applications have been moving away from monolithic designs and shifting to [microservices-based architecture](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices), most commonly implemented using cloud native technologies like APIs. With the new WAAS module, Prisma Cloud can enforce security for these critical infrastructure components.

![API protection configuration window in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/API-configuration.png)

API protection configuration in Prisma Cloud.

Users can set specifications provided through [Swagger](https://swagger.io/) and [OpenAPI](https://www.openapis.org/) files, or set definitions using API paths, allowed HTTP methods, parameter names, input types, value ranges and more. Once set, users can then define automated responses to requests which do not comply with the API's expected behavior, such as sending an alert or banning an IP from accessing the API for a short period of time.

## File Upload Protection

For applications that allow users to upload files, Prisma Cloud can be set to alert on or enforce file upload restrictions using fine-grained control (allow, alert or prevent) based on file extension type, including audio, compressed archives, documents, images and video. To prevent spoofing, the file content of these widely-used formats is inspected to validate its stated type, and to ensure it matches the filename extension.

![File upload protection parameters in Prisma Cloud across different types of files.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/upload-protection.png)

File upload protection parameters in Prisma Cloud.

## Additional Capabilities

Prisma Cloud also provides and/or supports:

* **Access control based on IP address or client geo-location:** Prevent web access for clients originating from specific IPs, networks or countries.
* **HTTP header-based web application protection:** Define criteria for allowing or denying access to web applications based on HTTP header names or values.
* **Centralized policies across any cloud native architecture:** Prisma Cloud provides unified protection across hosts, containers, Kubernetes applications and serverless. Web application and API protection is supported across these leading technologies with centralized policy controls and management.

## Begin Using the WAAS Module

Learn more on our dedicated [Web Application and API Security webpage](https://www.paloaltonetworks.com/prisma/cloud/web-application-API-security.html).
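
The API Protection section above describes checking each request against a definition (paths, allowed HTTP methods, parameter names, input types, value ranges) and then alerting on or temporarily banning non-compliant clients. The following is an added example of that logic in Python, not Prisma Cloud code or configuration; the `/orders` definition, `find_violations` and `Enforcer` are hypothetical names constructed for illustration.

```python
import re
import time

# Constructed API definition: path -> method -> parameter rules (all hypothetical).
API_DEFINITION = {
    "/orders": {
        "GET": {"limit": {"type": int, "min": 1, "max": 100}},
        "POST": {
            "item_id": {"type": int, "min": 1, "max": 999999, "required": True},
            "note": {"type": str, "max_len": 200},
        },
    },
}

def find_violations(method, path, params, definition=API_DEFINITION):
    """Return the reasons a request deviates from the definition (empty if none)."""
    methods = definition.get(path)
    if methods is None:
        return [f"unknown path {path}"]
    rules = methods.get(method.upper())
    if rules is None:
        return [f"method {method} not allowed on {path}"]
    violations = [f"unexpected parameter {name}" for name in params if name not in rules]
    for name, rule in rules.items():
        if name not in params:
            if rule.get("required"):
                violations.append(f"missing parameter {name}")
            continue
        raw = params[name]  # parameter values arrive as strings
        if rule["type"] is int:
            # Strict match: int() alone would also accept " 5 " or "1_000".
            if not re.fullmatch(r"-?[0-9]+", raw):
                violations.append(f"{name} is not an integer")
            elif not rule["min"] <= int(raw) <= rule["max"]:
                violations.append(f"{name} out of range")
        elif len(raw) > rule["max_len"]:
            violations.append(f"{name} too long")
    return violations

class Enforcer:
    """Applies the configured response ('alert' or 'ban') to non-compliant requests."""
    def __init__(self, action="alert", ban_seconds=300):
        self.action, self.ban_seconds = action, ban_seconds
        self.banned_until = {}  # client IP -> time at which the ban expires
        self.alerts = []        # (client IP, violations) kept for review

    def handle(self, client_ip, method, path, params, now=None):
        now = time.time() if now is None else now
        if self.banned_until.get(client_ip, 0) > now:
            return "blocked"  # still inside the ban window
        violations = find_violations(method, path, params)
        if not violations:
            return "allowed"
        self.alerts.append((client_ip, violations))
        if self.action == "ban":
            self.banned_until[client_ip] = now + self.ban_seconds
            return "blocked"
        return "alerted"
```

Running a definition in `alert` mode first and reviewing `alerts` shows which legitimate clients deviate from the definition before `ban` is switched on.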
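
The File Upload Protection section above describes inspecting file content to confirm it matches the filename extension, with a per-category allow, alert or prevent setting. The following is an added example of that check in Python, not Prisma Cloud's implementation; the policy values, the extension table and the choice to return `prevent` on any mismatch or unlisted extension are assumptions made for illustration.

```python
import os

# Well-known file signatures: format -> list of (offset, magic bytes) alternatives.
SIGNATURES = {
    "png": [(0, b"\x89PNG\r\n\x1a\n")],
    "jpeg": [(0, b"\xff\xd8\xff")],
    "gif": [(0, b"GIF87a"), (0, b"GIF89a")],
    "pdf": [(0, b"%PDF-")],
    "zip": [(0, b"PK\x03\x04")],
    "gzip": [(0, b"\x1f\x8b")],
    "flac": [(0, b"fLaC")],
    "mp4": [(4, b"ftyp")],
}

# Extension -> (category, expected container format). DOCX is a ZIP container.
EXTENSIONS = {
    "png": ("images", "png"), "jpg": ("images", "jpeg"), "jpeg": ("images", "jpeg"),
    "gif": ("images", "gif"), "pdf": ("documents", "pdf"), "docx": ("documents", "zip"),
    "zip": ("archives", "zip"), "gz": ("archives", "gzip"),
    "flac": ("audio", "flac"), "mp4": ("video", "mp4"),
}

# Constructed sample policy: one action per category (assumed values).
SAMPLE_POLICY = {"images": "allow", "documents": "alert", "archives": "prevent",
                 "audio": "allow", "video": "alert"}

def detect_format(content):
    """Return the format whose signature matches the leading bytes, or None."""
    for fmt, alternatives in SIGNATURES.items():
        if any(content[off:off + len(magic)] == magic for off, magic in alternatives):
            return fmt
    return None

def check_upload(filename, content, policy=SAMPLE_POLICY):
    """Return (action, reason) for an upload; the final extension is what counts."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    if ext not in EXTENSIONS:
        # Covers double extensions such as "invoice.pdf.exe" and names with none.
        return "prevent", f"extension '{ext}' is not an allowed upload type"
    category, expected = EXTENSIONS[ext]
    detected = detect_format(content)
    if detected != expected:
        # Stated type and content disagree: treat as spoofed (assumed response).
        return "prevent", f"content looks like {detected or 'unknown'}, not {expected}"
    return policy.get(category, "prevent"), f"{category} upload verified as {expected}"
```

A signature match only shows that the leading bytes agree with the extension, so it belongs alongside size limits and safe storage of uploads rather than in place of them.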