API Security: A Security Weak Link in Digital Transformation

By Dick Weisinger

APIs are the heart of digital transformation strategies, but they can easily become the weak link in a security strategy. APIs are often customer-facing and thus readily available, and they can be exploited to expose business logic and sensitive data. Hacking APIs can lead to a data breach. A study by Micro Focus Fortify found that 35 percent of Web applications and 52 percent of mobile applications had issues with API security and abuse.

Michael Isbitski, a technical evangelist at API security specialist Salt Security, said that “we are absolutely seeing more API security incidents of late. Applications today are built on APIs, and you can draw a straight line from digital transformation to APIs.”

A survey by Imvision found that fewer than 35 percent of companies test their APIs for security issues at least monthly.

John Morello, Palo Alto Networks Vice President of Product, said that “the API is often times a thing that attackers will try to target more simply because it’s been designed explicitly to be programmatically accessible. The API mostly presents a more interesting kind of attack surface for somebody to go and probe and figure out what else it could be made to do, in addition to what it was intended to do. Since microservices and decomposed applications are really the direction you see many organizations running in, where those individual components are being explicitly designed to work together over the network, and thus are exposing more of their kind of internal mechanics over the network. It allows somebody who’s an attacker or somebody who has ill intent to really have a much wider range of endpoints, and they can probe a lot more things.”
