Definition

Improper Inventory Management occurs when organizations do not have full visibility or control over all APIs in their environment.

This includes:

• Unknown or undocumented APIs
• Outdated or deprecated API versions still running
• Shadow or “zombie” APIs
• Lack of governance over API creation and deployment

Core idea

You cannot secure what you do not know exists.

If APIs are not properly tracked and managed, attackers can discover and exploit:

• Old API versions
• Forgotten endpoints
• Internal or test APIs exposed to the internet

Two main problems

1. Lack of awareness (visibility problem)

• Do you know every API running in your environment?
• Many organizations do not maintain a full API inventory