I already have an API Gateway. Why do I need Signando REST?
The Swiss Cheese Model explains why a single security layer is never enough.
The Swiss Cheese Model
The Swiss Cheese Model (also known as Defence in Depth) is a fundamental security principle: Every security measure has holes — vulnerabilities, misconfigurations, zero-day exploits, or implementation bugs. Like slices of Swiss cheese, each layer has gaps.
🧀 The Key Insight
When you stack multiple cheese slices, the holes don't align. An attack that slips through one layer gets caught by the next. You need at least TWO independent security layers in series to ensure that a single vulnerability cannot be exploited.
Critical: Select a second gateway that has technological and economic distance from your existing gateway — different programming language, different vendor. Don't use two Java-based gateways, as they would share the same Java vulnerabilities (e.g., Log4Shell). That's why Signando REST was built from the ground up in Rust instead of reusing existing open source products.
Why Your Existing Gateway Isn't Enough
🔓 Single Point of Failure
If your API Gateway has a vulnerability — and every software does — an attacker has direct access to your backend. There's nothing else stopping them.
- Zero-day exploits in gateway software
- Misconfigured rules or policies
- Authentication bypass vulnerabilities
- Insufficient input validation
🛡️ With Signando REST Added
Even if an attacker exploits your gateway, Signando REST provides an independent second check. The attack must bypass BOTH systems — exponentially harder.
- Independent codebase (no shared vulnerabilities)
- Schema-based validation (different approach)
- Response validation (catches backend compromises)
- Written in Rust (memory-safe)
Real-World Attack Scenarios
🔔 Trust but Verify: Block AND Alarm
Signando REST doesn't just block attacks — it also alarms. This is the key to the "Trust but Verify" principle:
- If your first gateway works correctly, every request should pass Signando REST without complaint
- If you suddenly receive alerts from Signando REST, you know something is wrong with the first gateway (bug, exploit, misconfiguration)
- This is the only way to detect when your primary security fails — otherwise you'd never know
- The same applies to responses: Both request and response are double-checked
Scenario 1: Gateway Vulnerability
❌ Without Signando REST
CVE in your gateway → Attacker bypasses all security → Direct backend access → Data breach
✅ With Signando REST
CVE in your gateway → Attacker bypasses gateway → Signando REST blocks invalid request → Attack stopped
Scenario 2: Misconfiguration
❌ Without Signando REST
Admin error exposes endpoint → Attacker accesses unauthorized API → Data exfiltration
✅ With Signando REST
Admin error exposes endpoint → Signando REST still validates against OpenAPI spec → Unauthorized access denied
Scenario 3: Supply Chain Attack
❌ Without Signando REST
Compromised gateway dependency → Malicious code in gateway → All requests affected
✅ With Signando REST
Compromised gateway dependency → Signando REST (different stack) unaffected → Validates all responses → Catches anomalies
The Math of Defence in Depth
If each security layer stops 99% of attacks (1% get through):
- 1 layer: 1% of attacks succeed (1 in 100)
- 2 layers: 0.01% of attacks succeed (1 in 10,000)
- 3 layers: 0.0001% of attacks succeed (1 in 1,000,000)
Adding Signando REST doesn't just add security — it multiplies your protection.
Implement Defence in Depth
Add Signando REST as your second security layer.