- Report warns vulnerabilities, data exposure and API -approval weaknesses are key problems
- Many companies were forced to slow down app ostriches due to API problems
- Businesses can mitigate API -RISICIES before they can be exploited, researchers say
Almost all (99%) of organizations have experienced some API security issues in the last 12 months, and more than half (55%) were forced to slow down the roll -out of new applications due to various API security concerns, new research has claimed.
A new research document from Salt Security found that companies are essentially plagued by API security risks.
Vulnerabilities that expose APIs to various utilities (for example, injection attacks and broken object level permit (Bola)) accounted for more than one-third of the questions (37%), corresponding to sensitive data exposure (34%). API APPROOKS DEPARTMENTS TAKED THE THROUGH PLACE WITH 29%.
Outdated practice
Salt added generative artificial intelligence has “advanced” API security challenges as almost half (47%) of the respondents expressed concern about securing AI-generated code. Furthermore, for two out of five (40%) potential risks introduced by AI-generated code, is a top problem. Only 11% of respondents do not see the use of Genai applications as a growing security.
The researchers also decided that traditional API security methods, where approval are the primary defense mechanism, can no longer be sufficient. Almost all (95%) of API attacks over the past 12 months came from approved sources and what more is 98% of attack attempts targeted external APIs.
To protect against “Rampant” API attacks, Salt says that companies should make API holding control strategies “essential” and warned that the majority is far away from this view. It claims that only 10% of the organizations currently have an API posture management strategy that has been created, corresponding to the previous year – but the good news is that 43% are planning to implement such a strategy soon.
As threat actors actively abuse security weaknesses, companies need to implement a “robust, proactive API security strategy,” said Roey Eliyahu, co-founder and CEO, Salt Security.
“A strategy that should include not only timely threat detection and incident, but also API management. By implementing a framework that ensures that security policies are clearly defined, continuously enforced and regularly assessed, organizations can mitigate API risks before they can be exploited. “
