AUS
NZ
UK
CA
USA
FRA
GER
ESP
ITA
NLD
PRT
SWE
GRC
IND
POL
BRA
ZAF
RUS
CHN
UAE
Survey of 75k member APIsec University community identifies major API security challenges, top vulnerability sources, and best practices for keeping APIs secure
SAN FRANCISCO, CALIFORNIA, UNITED STATES, March 14, 2024 /EINPresswire.com/ -- San Francisco, California —APIsec University, the leading provider of no-cost, high quality API security education, unveiled today the "2024 API Security Market Report: Trends, Challenges, and Best Practices." The report presents the analysis of 2,000 survey responses plus an examination of over 50 high-profile API breaches to reveal the major security challenges, top sources of vulnerabilities, and the best practices for keeping APIs secure.
In an era where "software is eating the world," APIs have emerged as the backbone of the digital economy, facilitating seamless communication and integration across diverse platforms. According to Akamai's analysis, API calls accounted for a staggering 83% of all Internet traffic in 2019, a figure expected to exceed 90% today. Attackers have discovered APIs present ripe targets to access sensitive data, harvest millions of records, and exploit business logic flaws.
Key highlights from the report include:
3 vulnerabilities account for the vast majority of API breaches: Analysis of more than 50 documented breaches reveals that 90% resulted from weak authorization controls, lack of authentication, and excess data exposure. These flaws align with items 1, 2, and 3 of the OWASP API Security Top 10.
Major API security skills gap: 57% of survey respondents reported insufficient API security skills as a top challenge in their organizations, higher than API discovery, testing or monitoring. The popularity of APIsec University highlights the demand for API security skills.
Strong preference for “shift left” security: A resounding 78% of respondents indicated a preference for Shift Left security over Shield Right, reflecting the desire to detect and remediate vulnerabilities before releases move to production.
"With over 75,000 members in the APIsec University community we wanted to leverage the collective expertise to understand the major challenges facing the industry," remarked Dan Barahona, Co-founder of APIsec University. "The community has spoken and the message is clear - APIs present a serious threat and attackers are having success exploiting flaws to harvest millions of records regularly. However, there are very concrete actions organizations can take to protect themselves. Top of the list is to ensure API developers and product owners understand the risks and best practices for security."
The "2024 API Security Market Report: Trends, Challenges, and Best Practices" can be downloaded now at: https://www.apisecuniversity.com/2024marketreport.
APIsec University also offers no-cost API Security Workshops. These 1-hour sessions cover 1) why attackers target APIs, 2) real-world API breach analysis, and 3) how to keep APIs secure. Organizations can request workshops at: https://apisecu.typeform.com/workshop
APIsec University is hosting APISEC|CON, a conference dedicated solely to API security. The conference, scheduled May 22nd, 2024, will be held online with over 20 industry experts. Registration is free - sign up here: https://www.apiseccon.com
About APIsec University:
Through APIsec University, over 75k cybersecurity professionals, developers, and industry enthusiasts gain access to a wealth of educational content, including courses, workshops, and interactive learning modules. The platform equips learners with the skills and expertise needed to identify, mitigate, and prevent security threats across API ecosystems. All APIsec University content is free and completely vendor-neutral.
Dan Barahona
APIsec.ai
[email protected]
