Security News
With concerns continuing to mount, a 451 Research and Noname Security report covers the key characteristics and security risks present in API usage today and how a holistic approach to API security provides a gateway to a frictionless user experience. Conducted in January 2022 and featuring results from IT experts representing over 350 global companies in diverse industries with 3,000+ full-time employees, the report captures the main pain points associated with API security today, the effectiveness of other enterprise-grade security solutions, and characteristics of effective API security solutions such as maintaining accurate API inventories and requiring user authentication.
With the growth in digital transformation, the API management market is set to grow by more than 30% by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. Cybercriminals are targeting APIs more aggressively than ever before, and businesses must take a proactive approach to API security to combat this new aggression.
GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning.
GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning.
Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. After analyzing some of the most interesting bot attacks throughout 2021, it's clear that attackers have come to love APIs just as much as developers.
Although many financial institutions are aware of the need for API security to support their new corporate reality, they do not really know how to approach it and especially with which tools. In the API security domain, financial organizations are looking for tools that handle the whole lifecycle.
Security analysts warn of a sharp rise in API attacks over the past year, with most companies still following inadequate practices to tackle the problem. More specifically, Salt Security reports a growth of 681% of API attack traffic in 2021, while the overall API traffic increased by 321%. These stats underline that as industries adopt API solutions, attacks against them are growing disproportionally.
An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "Simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. The attacks are said to have been orchestrated via spear-phishing messages to gain initial access, followed by taking advantage of publicly available offensive security tools and remote access software for lateral movement and maintaining access to the environment.
Nearly every software application and mobile application uses, or is, an API. Attackers are increasingly focused on APIs and this focus pays off in the form of seized data that can be parlayed into financial returns or used as malicious leverage-on brands or their customers. "APIs are a common part of enabling digital experiences in our daily lives, whether consumers realize it or not," said Gene Fay, CEO of ThreatX. "The data gathered by our survey sheds light on how API security can affect brands and reinforces how core APIs are to peoples' lives".
Tom Hickman, Chief Product Officer, ThreatX. API security is a hot topic in the industry today, but choosing the right API security solution is proving difficult for many organizations. Protocol level: Validating the API is not being abused in terms of overutilization or quota abuse generally requires proxied inspection of API requests and potentially using an API gateway to manage API business requirements.