Security News > 2023 > July > Akamai Survey: API-Specific Controls are Lacking
The 2023 SANS Survey on API Security found that the top risk is phishing attacks.
The 2023 global survey, which polled 231 application security professionals, found that fewer than 50% of respondents have API security testing tools in place and only 29% have API discovery tools.
Top six API security risks API proliferation makes security challenges more complex Zero-day risks getting too much credence, misconfiguration not enough Closing the door to application layer misconfigurations Proper API hygiene: Inventories, patches, threat assessment Top six API security risks.
John Pescatore, director of emerging security trends at SANS and author of the 2023 study, pointed out that the proliferation of APIs is emblematic of how complexity is the enemy of security.
"An organization's API security plan should include building secure APIs and configuring applications correctly. At the same time, organizations should understand zero-day risks, such as how APIs become vulnerable and at risk of exploitation. The distinction is important because it shows that robust API security needs to give significant weight to every aspect of the API lifecycle; otherwise, vulnerabilities will be missed," said Chokshi.
Sixty-two percent of respondents to the survey said they use web application firewalls as part of API risk mitigation, and 79% of survey takers reported training development staff on application security.
News URL
https://www.techrepublic.com/article/akamai-survey-api-security/