"What Could Be the Cause of Growing API Security Incidents?"

Findings of Noname Security's Application Programming Interface (API) security report, "The API Security Disconnect - API Security Trends in 2022," revealed a rapidly increasing number of API security incidents, a lack of API visibility, and misplaced confidence in existing controls. In the last 12 months, 76 percent of respondents have experienced an API security incident, with these incidents primarily caused by dormant/zombie APIs, authorization vulnerabilities, and web application firewalls. Furthermore, 74 percent of cybersecurity professionals lack a complete API inventory and are unaware of which APIs return sensitive data. This suggests that if they do not have real-time granular visibility into the APIs in their ecosystems, most respondents will struggle to remediate any API security threats and will not know which ones to prioritize. According to Shay Levi, CTO of Noname Security, the company's research has revealed a disconnect between the high number of incidents, low visibility, effective monitoring and testing of the API environment, and misplaced confidence that current tools prevent attacks. This highlights the importance of additional education for Security, AppSec, and development teams on the realities of API security testing. Manufacturing and energy and utilities, which typically rely on legacy systems, performed poorly across various metrics. They had the worst percentage of API security incidents in the previous 12 months, with 79 percent of manufacturing and 78 percent of energy and utilities respondents reporting incidents of which they were aware. This article continues to discuss the key findings from Noname Security's new API security report. 

Help Net Security reports "What Could Be the Cause of Growing API Security Incidents?"