Articles about API

According to a new report 94 percent of companies have experienced security problems in production APIs in the past year, with 20 percent saying the organization suffered a data breach as a result.

The latest State of API Security Report from Salt Security also finds that found that API attack traffic has more than doubled in the past 12 months with a 117 percent increase. In the same period overall API traffic grew 168 percent, highlighting the continued explosion of enterprise API usage.

Continue reading →

There is an urgent need to make application programming interfaces (APIs) efficient and utilized more effectively. This need is being driven by the rapidly increased rate of digitization that customers and business lines are demanding from CIOs and CTOs. APIs are a powerful tool that can be employed to deliver competitive advantage and market differentiation, the two biggest demands being placed on the technology team.

The Covid-19 pandemic has accelerated the digitization of society and, therefore, vertical markets. In order to remain competitive, organizations have increased the pace at which they are digitizing their business processes, which had begun prior to 2020 but sped up significantly in response to the pandemic. Management consultancy McKinsey reports that businesses with high-performance technology teams have achieved market differentiation. Technology in these organizations creates revenue and allows the business to adapt to market changes. Three-quarters of organizations with high-performance technology teams told McKinsey that digital transformation projects had achieved cost reduction and improvements in the employee experience and two-thirds of surveyed businesses had increased revenue from existing channels; half had created new revenue streams -- typically digital channels.

Continue reading →

One of the key announcements at Apple's developer conference earlier this week was around improvement to the privacy-focused to the SKAdNetwork API.

These are aimed at providing ad networks and developers with the ability to better measure how ads perform while still preserving user privacy.

Continue reading →

A survey of over 400 CISOs finds they are are grappling with a wide range of risks and challenges, especially linked to accelerating utilization of technologies like cloud-based applications and the use of Application Programming Interfaces (APIs).

The study from CISOs Connect, an invitation-only community of cyber experts and part of Security Current, finds the IT components rated as most needing improvement are: APIs (42 percent), cloud applications (SaaS) (41 percent), and cloud infrastructure (IaaS) (38 percent).

Continue reading →

Compliance with the EU Payments Services Directive (PSD2) is the next key milestone in the continued evolution of open banking. This evolution involves a new set of rules that will change how we confirm our identity when making purchases online.

The implementation of strong customer authentication (SCA), on top of existing open banking capabilities, will require merchants and payment service providers (PSPs) to work together with technology suppliers, card schemes and many others to deliver SCA in a way which works well for customers.

Continue reading →

Malicious API traffic has increased 681 percent in the last year, set against a 321 percent increase in overall API traffic.

A new report from API security specialist Salt Security shows 95 percent of surveyed organizations have experienced an API security incident in the past 12 months.

Continue reading →

APIs power many of today's digital experiences, connecting consumers to businesses and businesses to one another while enabling cross-platform services.

But as APIs spread so do the risks, they have quickly become the attack vector of choice for threat actors who exploit insecure APIs for malicious purposes. A new report from ThreatX takes a detailed look at how API use impacts on consumers.

Continue reading →

We increasingly rely on APIs to deliver the smooth sharing of information between applications. But their very functionality and ease of use is also a gift to attackers.

A recent report from Cequence Security shows that 80 percent, or 1.8 billion, blocked attacks between June and December 2021 were found to be API-based. At the same time APIs exposing sensitive data like payment (PCI) or personally identifiable information (PII) have increased by 87 percent.

Continue reading →

The majority of data breaches are down to compromised credentials that allow privileged access to corporate systems, in particular infrastructure secrets such as API keys, certificates, database passwords and access keys.

Keeper Security is launching a new solution to help businesses in securing these secrets. Keeper Secrets Manager is cloud-based, fully-managed and uses innovative security architecture.

Continue reading →

A new study from RapidAPI reveals that 68 percent of developers expect to increase their API usage in 2022.

The report, based on responses from over 2,200 individuals, shows 61.6 percent of developers are already relying on APIs more in 2021 than in 2020. In addition 75.5 percent say that participating in the API economy is a top priority for their organization now or in the near future.

Continue reading →

As digital transformation projects roll out, APIs are more critical than ever to build modern applications. But as we reported last week they also create security headaches.

Security testing specialist Veracode is addressing this with the launch of a new scanning tool that enables organizations to find and fix vulnerabilities in APIs.

Continue reading →

Over the last year at least 44 percent of respondents to a new survey faced substantial issues concerning privacy, data leakage, and object property exposure with internal or external-facing APIs.

The study for Cloudentity, based on research carried out by PulseQA, shows that as a result of these issues, 97 percent of enterprises have experienced delays in releases of new applications and service enhancements due to identity and authorization issues with APIs and services.

Continue reading →

The benefits of shift-left approaches in security are well-documented, to the point where they have become common practice. This practice helps ensure that more coding quality and security issues are found before the code is released into production, saving time and money and reducing risk. However, not all security risks can be identified and eliminated in pre-prod.  This reality is particularly true with APIs, where the security risks associated with their widespread use and abuse is a significant concern. Experts from Gartner predict that by 2022, API abuse will become the most common attack vector.

Recent API incidents have already validated this prediction many times over. Starting in 2021, 90 percent of web-enabled applications will be exposed via APIs rather than the user interfaces. Without a balanced approach to protecting APIs, one that goes beyond just pipeline scanning and other shift-left practices, organizations will continue to suffer API security gaps that leave them exposed.

Continue reading →

APIs are designed to be fast and easy pipelines between different platforms. They offer convenience and user experience which makes APIs essential to many businesses, but it also makes them attractive targets for cybercriminals.

A new report from Akamai, produced in collaboration with Veracode, highlights the frustrating pattern of API vulnerabilities, despite improvements that have been made in software development life cycles (SDLCs) and testing tools.

Continue reading →

New research from MuleSoft shows 54 percent of UK businesses say Brexit has presented them with data access and management challenges.

The problem isn't just a British one though. 40 percent of German and 39 percent of French businesses also report that Brexit has made it more difficult for them to access and manage data.

Continue reading →