Articles about API

Whether security leaders oversee a small security team or an enterprise-scale team spread over numerous security operations centers (SOCs), building and maintaining integrations with other tools in the tech stack can be difficult and time-consuming.

The average business integrates approximately 75 different security products and often multiple public, and private cloud services into its technology stacks. Many dynamic factors are at play with integrations, from versioning and version control to the constant evolution of Application Program Interfaces (APIs).

Continue reading →

Analysis of around a trillion API transactions spanning a range industries over the second half of 2022 by Cequence Security seeks to highlight the latest API threat trends plaguing organizations.

In the second half of 2022, approximately 45 billion search attempts were made for shadow APIs, marking a 900 percent increase from the five billion attempts made in the first half of the year.

Continue reading →

A global analysis of automated bot traffic across the internet finds that in 2022, almost half (47.4 percent) of all internet traffic came from bots, a 5.1 percent increase over the previous year. At the same time the proportion of human traffic (52.6 percent) decreased to its lowest level in eight years.

The report from Imperva shows the volume of bad bot traffic has grown for the fourth year in a row, presenting a significant risk for businesses. The level of activity in 2022 is the highest since Imperva produced its first Bad Bot Report in 2013.

Continue reading →

The challenges that the global business community has faced in the last few years have been unprecedented. A pandemic, inflation, an energy crisis, war, an economic downturn, and fragmented and delayed supply chains have all created issues for organizations and have left no industry, market, or region untouched.

Yet, despite these issues, our digital ecosystems and footprint grows ever bigger and increasingly complex. The global digital transformation market was worth $731.13 billion in 2022, and it is now expected to grow at a CAGR of 26.7 percent by 2030; driven in the main by businesses trying to gain competitive advantage. However, it is the size and intricacy of our digital world that makes cyber risks and threats both more present and more potent.

Continue reading →

The latest State of API Security Report from Salt Security shows a 400 percent increase in unique attackers in the last six months.

In addition, around 80 percent of attacks happened over authenticated APIs. Not surprisingly, nearly half (48 percent) of respondents now say that API security has become a C-level discussion within their organization.

Continue reading →

Technology continues to advance at an unprecedented rate. The development and use of Application Programming Interfaces (APIs) being a particularly notable example.

The latest Salt Labs State of API Security report found that overall API traffic increased 168 percent over 12 months, with API attack traffic increasing by 117 percent in the same time period. Perhaps understandably, many CISOs are struggling to keep up.

Continue reading →

APIs need to be discussed in terms of business impact. For too long, the API (application programming interface) has been considered a pure technology topic. But with the need to digitize core business operations and deal with rising security threats, business and technology leaders must elevate API strategic discussions. Meanwhile, organizations need to end the hotchpotch of APIs that act as point solutions and adopt a modern integrated platform approach to APIs that will deliver business optimization and improve the customer experience. 

 It is essential to look at the effect of APIs on the business, particularly as organizations deal with the three big impacts of war, recession, and inflation, which are putting pressure on all types of business. Moreover, APIs are a central pillar of three trends: digital transformation, improving data access and sharing and enhancing the customer experience, which were identified in a study we recently commissioned with research firm Vanson Bourne.

Continue reading →

Most organizations are now embracing APIs to provide flexible connectivity between systems, making it easy for developers to get started and build digital products. While developers everywhere are, of course, familiar with API lifecycle management -- a major challenge is how to fully operationalize it.

In order to address this key issue, we must first break down precisely what API lifecycle management is. Essentially, it can be viewed as a set of operational activities that can be split into the following categories: Business Operations, Product Operations and Platform Operations, which include DevOps and InfraSecOps. So, how can organizations focus on API delivery across these categories to achieve and sustain success? There are several foundational requirements:

Continue reading →

Most of us are familiar with the old proverb "for want of a nail, the shoe was lost; for want of a shoe, the horse was lost; for want of a horse, the battle was lost…" and so on. The object lesson is that small and sometimes apparently unimportant objects or actions can have outsized impacts if they are not properly attended to.

So, it is with Application Programming Interfaces or APIs. They are the 'horseshoe nails' at the heart of modern business.

Continue reading →

Research from Salt Labs has highlighted two API security vulnerabilities discovered within BrickLink, a digital resale platform owned by The LEGO Group.

BrickLink is the world's largest online marketplace to buy and sell second-hand LEGO. The API security flaws could have allowed for both large-scale account takeover (ATO) attacks on customers' accounts and server compromise to allow bad actors to take control of accounts and steal personal details.

Continue reading →

APIs allow products and services to communicate with each other and have become essential to digital transformation projects as they make it easy to open up application data and functionality to third-party developers and business partners, or to departments within the enterprise.

Where legacy systems are involved though it's often necessary to modernize the API infrastructure to ensure things work smoothly and this can lead to serious challenges, especially where security is concerned.

Continue reading →

API security is a major challenge for IT teams, traditional solutions are often fragmented, leading to the need for multiple products and added complexity and cost.

Israeli cybersecurity startup Wib is launching a holistic API security platform to bring complete visibility and control across the entire API ecosystem from code right through to production.

Continue reading →

Digital transformation initiatives have been a top priority for several years in most companies. However, while such programs are considered a necessity for the long-term survival of most businesses, they haven’t always been prioritized or given the resources they deserve. 

That all changed with the COVID-19 pandemic. Today, according to analyst Gartner, customers expect companies to accelerate digital initiatives due to COVID-19 and all industries are experiencing widespread digitization. In turn, this is accelerating the adoption of thousands of new APIs. That’s because the drive to make services digital is no longer a nice to have but business critical. Even post COVID, with some businesses opting for a hybrid work environment, we are seeing that acceleration continue. Put simply, as they race to catch up, organizations are digitizing and innovating faster than ever before.

Continue reading →

Over three-quarters (76 percent) of respondents in a new survey have suffered an API security incident in the last 12 months, primarily caused by dormant/zombie APIs, authorization vulnerabilities, and web application firewalls.

The research from Noname Security also shows that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs return sensitive data.

Continue reading →

Data breaches, cyberattacks and security concerns are growing exponentially in the digital climate, as new development practices, extra languages, and structural frameworks appear -- compounded by geopolitical tensions giving rise to state sponsored attacks. In 2022 to date, 39 percent of UK businesses have already experienced the disruption and costly consequences of cyberattacks. Some of the largest enterprises, such as Microsoft, T-Mobile, and Vodafone, have experienced attacks by highly organized groups, such as Lapsus$.

With the scale, type of attacks and target industries constantly evolving, the healthcare sector has joined financial services and the public sector in becoming a lucrative target. Healthcare data breaches reached an all-time high in 2021, impacting 45 million people -- personal health information (PHI) became worth more than credit card information on the dark web. Attack approaches are constantly evolving, with hackers searching for any weak links in growing infrastructure.

Continue reading →