Security News

How to Improve Your API Security Posture
2023-06-08 11:28

It's essential to have a robust API security posture to protect your organization from potential threats. API posture management refers to the process of monitoring and managing the security posture of your APIs.

Honda API flaws exposed customer data, dealer panels, internal docs
2023-06-07 20:10

Honda's e-commerce platform for power equipment, marine, and lawn & garden products was vulnerable to unauthorized access by anyone because of API flaws that allowed a password reset for any account. In Honda's case, Eaton Works exploited a password reset API to reset the passwords of valuable accounts and then gain unrestricted admin-level data access on the firm's network.

The root causes of API incidents and data breaches
2023-05-30 04:30

API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls.

The fragmented nature of API security ownership
2023-05-23 03:30

While API security remains a top cybersecurity concern this year, most companies still show an alarming lack of implementation, according to Traceable AI. Companies overlook API security. Drawing on insights from more than 100 cybersecurity professionals, the study showed that although 69% of organizations claim to factor APIs into their cybersecurity strategy, 40% of companies do not have dedicated professionals or teams for API security, while 23% of respondents do not know if there is dedicated API security in their organization.

Are Your APIs Leaking Sensitive Data?
2023-05-22 11:12

Hackers are increasingly exploiting APIs to gain access to and exfiltrate sensitive data. When you unpack this statistic, it becomes rapidly clear that APIs interact with all types of data - including sensitive data like credit card information, health records, social security numbers, etc.

Attack automation becomes a prevalent threat against APIs
2023-05-16 13:00

In several high-profile incidents, application programming interfaces emerged as a primary attack vector, posing a new and significant threat to organizations' security posture, according to Cequence Security. "As attack automation becomes an increasingly prevalent threat against APIs, it's critical that organizations have the tools, knowledge and expertise to defend against them in real-time," Talwalkar added.

Bad bots are coming for APIs
2023-05-15 03:00

For the first time, mobile Safari was one of the leading self-reported user agents, while the volume of bots claiming to be mobile browsers increased 42.78%. In 2020 and 2021, bad bots became the pandemic of the internet as automation became more sophisticated. "Cybercriminals will increase their focus on attacking API endpoints and application business logic with sophisticated automation. As a result, the business disruption and financial impact associated with bad bots will become even more significant in the coming years," Triebes continued.

GitHub now auto-blocks token and API key leaks for all repos
2023-05-09 21:42

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. This feature proactively prevents leaks by scanning for secrets before 'git push' operations are accepted, and it works with 69 token types that can be detected with a low false-positive rate.

Unattended API challenge: How we’re losing track and can we get full visibility
2023-05-09 03:00

As highlighted by Postman's 2022 State of the API Report, "89% of respondents said organizations' investment of time and resources into APIs will increase or stay the same over the next 12 months," emphasizing the confidence in the growth of API development and deployment. SBOMs play a vital role in API risk evaluation and monitoring by providing visibility into the API's underlying components, making it easier to identify potential vulnerabilities and manage risks associated with third-party dependencies.

Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service
2023-05-04 13:19

Three new security flaws have been disclosed in the Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. These include two server-side request forgery flaws and one instance of unrestricted file upload functionality in the API Management developer portal, according to Israeli cloud security firm Ermetic.