Does API Gateway protect against data tampering, dictionary attacks or resource hijack attacks?
API Gateway does not offer explicit policies for dictionary attacks or resource hijack attacks. Data hampering can be prevented by using encryption. For detailed list of policies available please refer the below link Reverb
Do you know some possible methods to help mitigate dictionary attacks or resource hijack attacks?
A dictionary attack is a brute-force method of entering every word in dictionary and for this you can set the “Account Locking Settings” to help defend against this.
For resource hijacking, the technique that typically implies the installation and operation of crypto miners, APIGW can perhaps be used (in conjunction with an ICAP server) to try to ensure that a malicious payload that contains the code is not delivered and installed via an APIGW call.
Hope this helps.