Articles about API

DDoS attacks against web apps and APIs surge

Globally, the average number of DDoS attacks per customer grew by 94 percent in 2023, according to a new report from Radware.

"The technological race between good and bad actors has never been more intense," says Pascal Geenens, Radware's director of threat intelligence. "With advancements like Generative AI, inexperienced threat actors are becoming more proficient and skilled attackers more emboldened. In 2024, look for attack numbers to climb and attack patterns, like the shift in Web DDoS attacks, to continue to evolve."

API attacks put businesses at risk

Attacks targeting the business logic of APIs made up 27 percent of attacks in 2023, a growth of 10 percent since the previous year. Account takeover (ATO) attacks targeting APIs also increased from 35 percent in 2022 to 46 percent in 2023.

This is among the findings of a new report from Imperva which shows API traffic constituted over 71 percent of web traffic last year. While there are benefits of APIs in allowing seamless connectivity, enhancing online experiences, and driving innovation, their widespread adoption leads to new security challenges.

91 percent of organizations experience software supply chain incidents

The overwhelming majority of organizations (91 percent) have experienced a software supply chain incident in the past 12 months, according to a new report.

The study from Data Theorem and the Enterprise Strategy Group surveyed over 350 respondents from private- and public-sector organizations in the US and Canada across cybersecurity professionals, application developers and IT professionals.

Microsoft launches Defender Bounty Program to find bugs in its security software

Microsoft has added yet another bug bounty program to its growing portfolio. With the launch of the Microsoft Defender Bounty Program, the company is offering financial rewards to researchers who "uncover significant vulnerabilities" in its range of security products and services.

The program is focused solely on vulnerabilities of Critical or Important severity, and Microsoft is putting up rewards of between $500 and $20,000 for eligible submissions. Starting off somewhat limited in focus, the aim is to open up the program to have a wider scope further down the line.

APIs -- The hidden cause of data breaches

APIs are unseen. They are not typically a technology that end users interact with directly and are somewhat hidden from their day-to-day activities. Therefore, user understanding of API vulnerabilities and the impact an API security incident could have, when it comes to data breaches, is often lacking.

While data breaches are big news, what regularly isn’t reported is the way in which some of these incidents happen. But the reality is that for many data breaches, the weak links, more often than not, are APIs and improper security around those APIs.

Why a new architecture is needed for open banking API platforms [Q&A]

While much literature has been written on best practices for systems architecture, the desired outcomes have been as elusive as they have been sought after. The de-facto standard for enterprise systems that exists in reality is often closer to A Big Ball of Mud.

Very rarely is an organization’s technology (the infrastructure, the software or the set of systems powering the organization) planned as the state in which we see it today. All early systems need to scale, and most companies in the growth phase don't have the bandwidth to deal with this graciously.

The top 5 tips for identifying and deterring suspicious API traffic

With the increasing reliance on APIs, detecting suspicious API traffic has become crucial to ensure the security and integrity of these interactions. Suspicious API traffic poses a huge threat to the overall system and its data; it can indicate malicious intent such as unauthorized access attempts, data breaches, or even potential attacks targeting vulnerabilities in the API infrastructure.

API traffic refers to the data and requests that are transmitted between different applications or systems using APIs. This allows software programs to communicate and exchange information, enabling seamless integration and interaction between various platforms. API traffic also involves the transfer of data, such as requests for data retrieval or updates, between the client application and the server hosting the API. 

Does the new OWASP Top 10 accurately reflect the threats now facing APIs? [Q&A]

Application Programming Interfaces (APIs), which act as the glue connecting systems and applications together, are now the number one attack target for cyber criminals. Attack methods have changed over recent years, however, prompting the OWASP API Security Project to revise its API Security Top 10 of attack types for 2023.

But do the tactics, techniques and procedures (TTPs) it covers still serve as a blueprint for defense? We spoke to Jason Kent, hacker in residence at Cequence Security, to find out if the top 10 is liable to see defenders take too narrow an approach.

You can't avoid APIs, so you need to secure them 

As APIs emerge as the unsung heroes behind modern software development for their ability to accelerate innovation and streamline processes, it’s no secret or even a surprise that API security is a lingering problem that the broader cybersecurity industry has yet to fully solve. Since abandoning the use of APIs is not a viable option, organizations need to focus on building strong AppSec programs that give the teams developing with APIs the structure and tooling to ensure connections are secure and software deployed is safe.

To be most effective, organizations need to prioritize designing security best practices into development workflows from the beginning and adopt secure-by-design principles.

Meeting the challenges of API security [Q&A]

In today's increasingly digitally-centered organizations, the development of products, services, and solutions increasingly depends on the implementation of Application Programming Interfaces (APIs).

APIs have become the building blocks of modern business applications and are critical to digital transformation -- so much so that API security has become a boardroom issue.

Why "AI" can't succeed without APIs

Mega tech trends like the cloud, the mobile phone era, metaverse and now AI all depend on enabling technologies sitting right beneath the surface hidden from nearly everyone’s view. Their structural integrity depends on the flawless operation of those enabling technologies, which in many cases are Application Programming Interfaces (APIs). As such, their success depends on API adoption. Nowhere is this truer than in the rapid proliferation of AI technologies, like generative AI, which require a simple and very easy-to-use interface that gives everyone access to the technology. The secret here is that these AI tools are just thin UIs on top of APIs that connect into the highly complex and intensive work of a large language model (LLM).

It’s important to remember that AI models don’t think for themselves; they only appear to so that we can interact with them in a familiar way. APIs are essentially acting as translators for AI platforms as they’re relatively straightforward, highly structured and standardized on a technological level. What most people think of as "AI" should be viewed through the lens of an API product; and with that mindset, organizations can best prepare for what potential use cases are possible and how to ensure their workforces have the skills to put them into action.

How financial services cyber regulations are hotting up for API security 

Financial services firms deploy an increasingly complicated mix of technologies, systems, applications, and processes to serve customers and partners and to solve organizational challenges. Focused heavily on consumer hyper-personalization, banks are evolving more and more digital assets and services to meet and exceed growing customer experience expectations. 

As a result, the modern banking environment is heavily reliant on APIs to the point that they are now indispensable. APIs allow financial banks to connect with their ecosystem, while inspiring innovative developers to create new products, improve existing services, and work more efficiently. 

Why fuzzing isn't enough to test your APIs

In today’s fast-paced development environment, a comprehensive API security testing strategy is no longer a luxury, but a necessity. Testing your APIs for security gaps ensures that your API functions are reliable, secure, and perform as expected under different circumstances. It helps to identify issues such as incorrect data formats, missing or inaccurate data, and faults in authentication or authorization.

Proper API testing can also help to minimize downtime, reduce the risk of errors, and improve the overall quality of the software system. However, it’s important to note that comprehensive API security testing is a discipline in and of itself.

'Digital-first' economy creates new risks for CISOs

Today’s digital-first economy has transformed the role of the modern CISO, increasing threats and changing security priorities. New research from Salt Security shows that 89 percent of CISOs report that the rapid deployment of digital services has generated unforeseen risks to securing critical business data.

The study of 300 CSOs and CISOs around the world reveals the top risk as being personal liability and litigation resulting from security breaches, with 48 percent of CISOs citing that challenge.

Securing APIs is a top priority, yet many don't have dedicated security solutions

The security of APIs remains a top cybersecurity concern this year, according to a new study, yet there is still a lack of dedicated API security for many companies.

Research from TraceableAI, carried out at this year's RSA conference, finds that though 69 percent of organizations claim to factor APIs into their cybersecurity strategy, 40 percent of companies do not have dedicated professionals or teams for API security.

© 1998-2025 BetaNews, Inc. All Rights Reserved.