Articles about API

83 percent of credential stuffing campaigns target APIs

According to new research from Radware, 83 percent of credential stuffing campaigns include explicit API-targeting techniques.

The report shows a shift in credential stuffing attacks, underscoring a fundamental transformation from volume-based attacks leveraging a series of repeated password attempts to more sophisticated, multi-stage infiltration techniques.

Free tool uncovers API vulnerabilities

According to Verizon’s 2025 Data Breach Investigations Report, API-related breaches have increased nearly 40 percent year-on-year, with broken authorization cited as one of the most exploited flaws.

Now though Intruder, a leader in attack surface management, has launched Autoswagger -- a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities.

What has AI done for us? Celebrating AI Appreciation Day

In the last few years artificial intelligence has found its way into more and more areas of our world and its progress shows no signs of slowing down.

Of course most things these days need a day to mark their achievements and today is AI Appreciation Day. So, what has AI done for us and what can we expect from it in future? Some industry experts gave us their views.

Is business logic abuse a growing problem for APIs? [Q&A]

Tricking applications into altering their processes or surrendering information is a highly efficient way for attackers to carry out theft or fraud while minimizing the risk of detection.

We asked Mohammad Ismail, VP of EMEA at Cequence Security, to explain how this business logic abuse is carried out and why it’s becoming a growing problem.

Internet-exposed assets reveal industry vulnerability profiles

New analysis from CyCognito of over two million internet-exposed assets, across on-prem, cloud, APIs, and web apps, identifies exploitable assets across several key industries, using techniques that simulate real-world attacker behavior.

Techniques used include black-box pentesting using 90,000+ exploit modules, credential stuffing simulations, data exposure detection, etc. The study also used Dynamic Application Security Testing (DAST) to identify runtime web application vulnerabilities, as well as active vulnerability scanning of internet-facing services to detect CVEs, misconfigurations, and exposed assets.

Google launches Android Canary channel for beta testing early builds

Just as it did some years ago for its Chrome browser, Google has announced a new Canary channel for Android. Aimed at developers, the idea behind Android Canary is to provide early access to not only new features but also APIs.

Beta testing software is an exciting way to get to try out the latest features of a product faster, and it gives companies a way to try out new ideas and get feedback. While the availability of a new testing channel for Android is good news for many, there is something of a caveat.

How network APIs are transforming telcos [Q&A]

As network Application Programming Interfaces (APIs) unlock more advanced capabilities like Quality on Demand, Device Location, Number Verification, and SIM Swap, they will also support cutting-edge solutions like private 5G networks using network slicing, which grants enterprises greater autonomy and control over their wireless networks.

We spoke to Doug Makishima, advisor to the Mobile Ecosystem Forum, to discuss the impact of network APIs as well as how mobile network operators (MNOs) are moving from being 'data pipes' to adopting Network-as-a-Service (NaaS) models and what this means for the industry.

Half of security issues in Agentic AI code are API-related

A new report from API and AI security solutions company Wallarm finds that of around 4,700 security issues analyzed in Agentic AI projects, 49 percent were API-related, underscoring the inseparable nature of agent and API security.

The report also finds that over 1,000 issues in Agentic AI repositories remain unaddressed. 22 percent of reported security issues remain open too, with some lingering for 1,200-plus days, highlighting a critical gap between vulnerability discovery and remediation.

AI makes bots easier to deploy and harder to detect

Automated bot traffic surpassed human-generated traffic for the first time in a decade last year, making up 51 percent of all web traffic. This shift is largely attributed to the rise of AI and Large Language Models (LLMs), which have simplified the creation and scaling of bots for malicious purposes.

The latest Imperva Bad Bot Report from Thales shows cybercriminals are increasingly leveraging these technologies to create and deploy malicious bots which now account for 37 percent of all internet traffic -- a significant increase from 32 percent in 2023.

99 percent of organizations experience API security issues

A surge in API adoption, driven by the need for organizations to modernize infrastructures and unlock new revenue streams, is contributing to the rise in API security risk according to a new report.

The study from Salt Security finds 99 percent of respondents encountered API security issues within the past 12 months and 55 percent slowed the rollout of a new application due to API security concerns.

Why API-first engineering is the way forward for software development

British software developer and international public speaker on software development, Martin Fowler once famously said: “Any fool can write code that a computer can understand. Good programmers write code that humans can understand.” His book on Refactoring has been a best seller for decades and is a guide on how to transform code safely and rapidly, helping developers build better code. Exactly these same principles should apply when looking to develop an API-first approach to software engineering.

But first, what do we mean when we talk about an API-first approach? This is a software development method that prioritizes the design of APIs before writing any other code, instead of treating them as an afterthought. This is different from the traditional approach, where the application code is written first, and the API is added later.

AI use drives APIs to become the main attack surface

A new report reveals that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks.

The survey from Wallarm, of 200 US-based enterprise leaders on AI and API security, finds over 53 percent report engaging in multiple AI deployments. These deployments are primarily enabled by API technology, cementing APIs as the foundation of enterprise AI adoption. However, while AI integration drives rapid API adoption across industries, it also introduces unique risks.

Mobile intelligence APIs open up visibility into enterprise mobile security data

Mobile and cloud security company Lookout is launching new Mobile Intelligence APIs integrating critical security data from mobile devices into the solutions already in use by enterprise security teams -- those like SIEM, SOAR, and XDR.

This is aimed at allowing security teams to identify cross-platform attacks, risky trends or abnormalities, and potential risks.

Why GraphQL is a serious alternative to the REST API [Q&A]

GraphQL -- in case you haven't heard of it -- is a rapidly rising query and manipulation language for APIs. It's designed to make APIs fast, flexible and developer-friendly, and it moves the complexity of data fetching from the client to the server side.

We spoke to Pete Crocker, director of solutions engineering at OpsMill, to learn why it's increasingly being employed as an alternative to the more established REST API.

Newly launched APIs found by attackers in under 30 seconds

Organizations rely on APIs to make their systems easily accessible across platforms. However, new APIs are typically less protected and less secure. New research from Wallarm shows the average time for a new API to be found by attackers is just 29 seconds.

The research used a honeypot to look at API activity, and in its first 20 days in November the longest time taken for a new API to be discovered was 34 seconds.

© 1998-2025 BetaNews, Inc. All Rights Reserved.