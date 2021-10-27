APIs leave businesses open to attack

No Comments
Intelligent APIs

APIs are designed to be fast and easy pipelines between different platforms. They offer convenience and user experience which makes APIs essential to many businesses, but it also makes them attractive targets for cybercriminals.

A new report from Akamai, produced in collaboration with Veracode, highlights the frustrating pattern of API vulnerabilities, despite improvements that have been made in software development life cycles (SDLCs) and testing tools.

Often, API security is relegated to an afterthought in the rush to bring apps to market, with many organizations relying on traditional network security solutions that are not designed to protect the wider attack surface that APIs can introduce.

Advertisement

"From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application," says Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. "API attacks are both underdetected and underreported when detected. While DDoS attacks and ransomware are both major issues, attacks on APIs don’t receive the same level of attention, in large part because criminals use APIs in ways that lack the splash of a well executed ransomware attack, but that doesn’t mean they should be ignored."

Part of the problem is that APIs are often hidden within mobile apps, leading to the belief that they are safe from manipulation. Developers make the assumption that users will only interact with the APIs via the mobile user interface (UI), but the report points out that's not the case.

"To add more fuel to the fire, API calls are easier and faster to automate (by design!) -- a double-edged sword that benefits developers as well as attackers," notes Chris Eng, chief research officer at Veracode.

The full report is available on the Akamai site.

Image Credit: totallyPic.com / Shutterstock

No Comments
Got News? Contact Us
Advertisement

Recent Headlines

APIs leave businesses open to attack

Microsoft's Tenjin project is a Windows 11 SE-powered Chromebook rival

Revealing the industries most hit by ransomware

Majority of businesses not protecting their sensitive data in the cloud

Microsoft is rolling out the new Windows 11 store app to some Windows 10 users

Microsoft releases KB5006738 update preview to fix printing problems and more in Windows 10

How software engineers can avoid burnout [Q&A]

Most Commented Stories

Donald Trump launches his new social networking platform called TRUTH Social

37 Comments

Microsoft is using KB5005463 update to push PC Health Check app and encourage upgrades from Windows 10 to Windows 11

25 Comments

Twitter's algorithms actually promote right-wing ideologies, not liberal ones

22 Comments

AMD releases patch and Microsoft releases KB5006746 update to fix Windows 11 performance issues

21 Comments

Android apps are available to test on Windows 11 now! Here's how to get started

17 Comments

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.