- Report warns that vulnerabilities, exposure of confidential data and API authentication weaknesses are key problems
- Many companies were forced to cut back on application deployments due to API problems
- Companies can mitigate API risks before they can be exploited, researchers say
Virtually all organizations (99%) have experienced API security problems in the last 12 months, and more than half (55%) were forced to stop the deployment of new applications due to various API security concerns, new research has claimed.
New research from Salt Security found that companies are broadly affected by API security risks.
Vulnerabilities that expose APIs to exploits, such as injection attacks and broken object level authorization (BOLA), accounted for more than a third of the problems (37%), closely followed by exposure of confidential data (34%). API authentication weaknesses took third place with 29%.
Obsolete practices
Salt added that generative artificial intelligence has “advanced” API security challenges, since almost half (47%) of respondents expressed concern about securing AI-generated code. In addition, for two out of five (40%), the potential risks introduced by AI-generated code are a main concern. Only 11% of respondents do not see the use of GenAI applications as a growing security concern.
The researchers also determined that traditional API security methods, in which authentication is the main defense mechanism, may no longer be sufficient. Almost all API attacks (95%) in the last 12 months came from authenticated sources, and what is more, 98% of attack attempts targeted external APIs.
To protect against “rampant” API attacks, Salt says that companies should treat API posture governance strategies as “essential”, and warned that most are far from that point. It states that only 10% of organizations currently have an API posture governance strategy in place, similar to the previous year, but the good news is that 43% plan to implement such a strategy soon.
Since threat actors are actively abusing security weaknesses, companies must implement a “robust and proactive API security strategy,” says Roey Eliyahu, co-founder and CEO of Salt Security.
“A strategy that should not only cover the detection of timely threats and incident response, but also API governance. When implementing frameworks that guarantee that security policies are clearly defined, regularly applied and evaluated, organizations can mitigate API risks before they can be exploited.”