Tag Archive for: API

New Research Confirms Need for End-to-End API Security


Up until just a few years ago, web applications were the dominant platform for all things digital and APIs were tools used to address development corner cases. Driven by mobile device ubiquity, the adoption of the cloud, and the move towards agile, more iterative microservices-based development methodologies, APIs are now the connective tissue for everything we do digitally. The apps we use on our devices for work and pleasure, our favorite shopping, money management, and travel websites, and even the cars we drive all use APIs heavily.

APIs are built for machine-to-machine communication and include the desired function and payload, and developers have come to love them for their ability to connect application elements and cloud services together quickly to create engaging user experiences. Attackers, who are developers at heart, love them for the same reasons, but with malicious end goals in mind. To dig into the details behind the explosive use of APIs, the security challenges they represent, and how best to address those challenges, Cequence Security recently teamed with ESG to conduct a survey of 366 IT and cybersecurity professionals.


Containers and Cloud Drive API Growth

The survey found that over the next two years, organizations using APIs solely for their web and app development will nearly triple and 41% will use APIs for most of their development, nearly double that of today. Factors driving API usage include the move towards iterative, modular application development methodologies where APIs connect different components to each other. As a proof point, 71% of respondents stated that in two years, at least half of their apps would be microservices-based, growing significantly from the current 39%.

API usage

Validating the trend towards deploying applications where it makes the most sense (cloud vs. datacenter vs. hybrid), 35% of organizations stated that 30% or more of their apps and websites were deployed in the cloud currently, growing to 67% of organizations in two years. In summary, the usage of cloud-native, microservices-based architectures will outpace the growth of cloud-resident applications, meaning many organizations will support hybrid application environments.

API…

Source…

Salt Security – the API Security Disruptor and Globee Gold Winner


For the second year in a row, Salt Security has snagged the Globee® gold award in the Disruptor Company Awards. Judges from around the world, representing a wide spectrum of industry experts, participated in the judging process, and Salt Security earned this honor in the category of Cyber Security Software.

Given that Salt created the entire API security category, I love this industry recognition of our disruptor status. We clearly live out the definition – a company creating a new market and, in the process, shaking up the status quo. Globee describes its criteria for the award as follows:


“Disruptors are highly persistent, mostly beginning from scratch without the constraints of traditionally accepted processes or business models. They use technology and modern tools to achieve end results. Disruptors do things differently and are not hindered by existing ways or industry stalwarts. They are ready to take on an enormous challenge and find solutions for the biggest pain points customers experience.”

We take so much pride in this label! Our CEO, Roey Eliyahu, always talks about the early days, “when we were the crazies out there, the only ones talking about the risks that APIs present and how vulnerable companies were on this front.” In Roey’s years in one of the most elite cybersecurity units of the Israel Defense Forces (IDF), when his charter was offensive and defensive hacking of the government’s military and civilian systems, he found APIs the easiest way to break in.

He also realized that as common as APIs already were, companies’ use of them would only grow. Mobile development, digital transformation, cloud migration, app modernization – they’re all driven by APIs. We’re using more APIs than ever, and they’re more capable than ever – raising the stakes for protecting them.  

Our digital lives run on APIs. By understanding the importance of APIs in today’s digital world – and by pinpointing the security weaknesses early on – Salt Security created this critical market of API security. We were first to market with our API Protection Platform – many have followed in our footsteps, but Salt remains the only company delivering the…

Source…

What is API Security? – Security Boulevard


Today’s world is software-driven — from banking to posting on social media, all the most common activities are built on digital foundations. And, increasingly, that software is held together by an intricate web of application programming interfaces (APIs).

No matter your organization’s size and industry, it’s likely running numerous API-powered software tools. In fact, you may be surprised just how many APIs are running under the hood of your networks, applications, and databases.


This ubiquity of APIs raises an important question: What are you doing about API security? This is the kind of query every company has to find an answer to because it’s no longer enough to assume that the access and security control methods developed to protect software are up to the task of detecting or closing an API vulnerability.

When an IT security team is unable to keep up with API security — due to a variety of factors from distributed development or poor coding practices to a lack of process documentation — these interfaces can be a large and risky attack surface. Bad actors won’t hesitate to exploit such a target. Developing an actionable strategy to protect your APIs is an essential response to the security climate as it exists right now.

The Importance and Challenges of API Security

APIs are everywhere, and the numbers back it up. Cequence’s research has revealed that out of 21.1 billion app requests made over six months, 70% came from APIs — that’s 14.4 billion requests.

Developers are rolling out new software functionality and iterating as quickly as possible. Many have turned to APIs as a favored method of creating seamless communication between different systems. Building out online functionality is much simpler with an API, which contains all the necessary commands, payload and data to build out an engaging experience in a way that’s both fast and effective.

The convenience of API-based design has led to them becoming part of every type of business application imaginable, from e-commerce inventory solutions to mobile app connections and payment portals. Companies are turning to API-based solutions to handle increasingly large numbers of business-to-business…

Source…

GUEST ESSAY: Advanced tech to defend API hacking is now readily available to SMBs


APIs have become a security nightmare for SMBs and enterprises alike.

Hackers don’t discriminate based on the number of employees or the size of the IT budget. The same types of security risks impact businesses, whatever their size.


Day in and day out, small-to-medium businesses are targeted by cyberattacks. They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. A primary culprit of these attacks is the lack of understanding of application programming interfaces, or APIs.

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

These types of attacks can allow hackers to steal massive amounts of sensitive data, disrupt operations, and even take down websites. To protect against these attacks, businesses need to implement a wide range of strong API security measures such as authentication, authorization, encryption, and vulnerability scanning. The sheer number of options has a direct impact on the budget.

The main challenge for enterprises when it comes to API security is that there are so many different APIs. Storing authentication credentials for the API is a significant issue. This can be compounded when enterprises use Internet of Things (IoT) devices that don't have good security.

Sitbon

Companies are realizing that they have to keep putting out fires on personal devices, leaving them vulnerable to attacks. The other issue with APIs is that once one is compromised, it’s likely that all of your accounts are affected because whoever does gain access will just use your username and password to log in to other sites, apps, etc.

The threat that API security breaches pose to enterprises should not be taken lightly. A breach should always trigger a comprehensive crisis communication plan involving the board, C-suite, and other stakeholders. This communication plan should specify how governing bodies will stay informed should there be a data breach…

Source…