Security News > 2021 > July > Ignore API security at your peril

API security and performance are critical for engaging customers and increasing revenue, but recent news stories about security vulnerabilities that expose private data has brought the issue of API management into sharp focus.

In many cases, simple failures to treat API security with respect have resulted in some significant data breaches affecting millions of users.

With consumers increasingly reliant on IoT connected devices and entertainment and lifestyle subscription services, API security problems open the door to denial-of-service attacks or the mass exposure of the personal information of users.

To properly hide information that should not have been exposed through the API, such as private account details, the application code implementing the API itself should have been changed rather than simply configuring the API so that certain conditions had to be met before granting access.

Organizations should have both an API strategy and a well-managed API management platform in place so that before teams expose APIs to anybody, a thorough security review is undertaken before rolling out certain API designs.

That means having structures in place to ensure that API design, implementation, and management are done properly together with an appropriate internal API program to manage any identified API vulnerabilities in a comprehensive and fast way.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/pqTfB0ulOAg/