Security News > 2022 > September > What could be the cause of growing API security incidents?

Noname Security announced the findings from its API security report, "The API Security Disconnect - API Security Trends in 2022", which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced confidence in existing controls.

76% of respondents have suffered an API security incident in the last 12 months, with these incidents primarily caused by Dormant/Zombie APIs, Authorization Vulnerabilities, and Web Application Firewalls.

Shay Levi, Noname Security CTO, comments on the findings: "Our research has exposed a disconnect between the high level of incidents, low levels of visibility, effective monitoring and testing of the API environment, and misplaced confidence that current tools are preventing attacks. This emphasizes the need for further education by Security, AppSec, and development teams around the realities of API security testing."

The relative lack of testing in these critical infrastructure sectors correlates with the number of API security incidents they have suffered in the last 12 months.

Compared to 81% of CISOs saying they have experienced an API security incident, only 53% of AppSec professionals said they had. Additionally, 58% of CIOs said it was easy to scale API security solutions, while nearly a third of AppSec respondents admitted this was difficult.

"The perceived gaps around API security testing between different job functions begs the question as to whether there is a lack of consistency across organizations of what is happening on the frontline. This needs to be addressed urgently; application development needs to adopt a 'shift left' approach to security testing, so that testing is undertaken pre-production and teams need to be educated around the benefits of doing this."

News URL

https://www.helpnetsecurity.com/2022/09/22/api-security-incidents/