99 percent of organizations experience API security issues

A surge in API adoption, driven by the need for organizations to modernize infrastructures and unlock new revenue streams, is contributing to the rise in API security risk, according to a new report.

The study from Salt Security finds that 99 percent of respondents encountered API security issues within the past 12 months and 55 percent slowed the rollout of a new application due to API security concerns.

Analysis of the most frequently reported security challenges in production APIs revealed that vulnerabilities that expose APIs to exploits such as injection attacks and Broken Object-Level Authorization (BOLA) accounted for more than one-third of issues (37 percent), closely followed by sensitive data exposure (34 percent) and API authentication weaknesses (29 percent).

Generative AI has added to the security challenge, with 47 percent of respondents expressing concerns about securing AI-generated code and 40 percent citing potential vulnerabilities introduced by AI-generated code as a top risk. Only 11 percent of respondents don't perceive the use of GenAI applications as a growing security concern within their organization.

Analysis of customer API traffic by Salt also reveals that 95 percent of API attacks over the past 12 months originated from authenticated sources. This suggests that traditional API security methods that rely heavily on authentication as a primary defense are no longer sufficient. In addition, 98 percent of attack attempts targeted external-facing APIs, reinforcing that public APIs are the primary attack vector for malicious actors.

"In a digital-first society, whereby APIs enable innovation and seamless interconnectivity, the pace at which organizations are deploying APIs has increased exponentially," says Roey Eliyahu, co-founder and CEO, Salt Security. "The insights provided by survey respondents and the data from Salt's customer base highlight how bad actors continue to exploit APIs through known security weaknesses and leverage legitimate means to remain undetected. This underscores the necessity of implementing a robust, proactive API security strategy -- a strategy that should not only encompass timely threat detection and incident responses but also API governance. By implementing frameworks that ensure security policies are clearly defined, continuously enforced, and regularly assessed, organizations can mitigate API risks before they can be exploited."

You can get the full report from the Salt Security site.
