"20 Percent of Developers and IT Pros Say API Security Breaches Happen Monthly"

Application Programming Interface (API) security is where many security teams fall short. There are so many apps and services that rely on APIs in today's increasingly remote, modern work environments that analysts struggle to discover and secure them. Postman, an API provider, released its 2022 State of the API Report, surveying more than 37,000 developers and API professionals and discovering that 20 percent of respondents say API security incidents or breaches occur at least once per month at their organizations. In contrast, 51 percent of respondents said APIs consume more than half of their organizations' development efforts. According to the findings, organizations may need to take a higher-level approach to identifying and securing APIs if they want to prevent intrusions and reduce the risk of data breaches. In regard to the struggle to secure APIs, it is not just the large number of apps and services causing problems. It is also the fact that many organizations rely on less-optimized application security tools to mitigate API-level issues. Organizations need solutions that can automatically discover and classify APIs at scale if they want an accurate perception of their risk posture in today's fast-paced enterprise environments. According to one Gartner API security report, many API breaches share one trait, which is the breached organization being unaware of their unsecured API until it was too late. This is why the first step in API security is to identify the APIs that an organization provides or consumes from third parties. Postman's new research supports this viewpoint, stating that companies experiencing more frequent API security incidents are likely to have shadow or published APIs lacking the same safeguards as other websites. They are likely to have more legacy elements in their environment and may not fully comprehend the scope of their entire API landscape, according to Postman CEO Abhinav Asthana. Salt Security is a major player in the API security market, with its solution employing an API Context Engine (ACE) that can detect new APIs and vulnerabilities while also providing pre-production API testing. Noname Security is another competitor, with an API security platform designed to detect API vulnerabilities and misconfigurations. This article continues to discuss key findings from Postman's 2022 State of the API Report, why API security is a challenge, and the API security market. 

VB reports "20 Percent of Developers and IT Pros Say API Security Breaches Happen Monthly"