The research additionally revealed that only 29% of the organizations use API security controls that are included in DDoS and load balancing services.
Phishing and missing patches identified as top risks
Survey respondents ranked phishing and missing patches as the top two API security risks. While 38% saw phishing to obtain reusable credentials as their top API security risk, exploitation of missing patches was considered a primary threat by 24%.
“API infrastructure issues, like missing patches, become API security issues because the API is left more vulnerable. Phishing is a broader security concern that can also happen within the realm of APIs,” Chokshi said.
Other respondents feared different threats, including exploitation of vulnerable APIs (12%), misconfiguration of servers (12%), and unintentional disclosure of sensitive data by users (9%).
Risk mitigation
Sixty-two percent of respondents are using web application firewalls as part of API risk mitigation. Among these firewalls, the leading products used are Acunetix, Akamai, AWS Shield, Azure WAF, Check Point, Cisco, Cloudflare, and ModSecurity.
More than three quarters (76%) of the organizations train development staff on application security, with most citing the Open Web Application Security Project (OWASP) Application Security and API Top Ten lists and the MITRE ATT&CK Framework as the basis for defining application and API risk.