Security News > 2024 > July > Organizations use outdated approaches to secure APIs

Web applications and APIs allow ecommerce sites to accept payments, healthcare systems to securely share patient data, and power activities we do on our phones.

"Web applications are rarely built with security in mind. Yet, we use them daily for all sorts of critical functions, making them a rich target for hackers," said Matthew Prince, CEO at Cloudflare.

DDoS remains the most leveraged threat vector to target web applications and APIs, comprising 37.1 % of all application traffic mitigated by Cloudflare.

Traditional web application firewall rules that use a negative security model-the assumption that most web traffic is benign-are most commonly leveraged to protect against API traffic.

Far fewer organizations use the more widely accepted API security best practice of a positive security model-strict definitions on traffic that is allowed, rejecting the rest.

As web development has largely shifted to allow these types of third-party code and activity to load in a user's browser, organizations are increasingly exposed to supply chain risk and liability and compliance concerns.

News URL

https://www.helpnetsecurity.com/2024/07/04/modern-applications-risks/