Access the Complimentary Gartner Report
Application programming interfaces (APIs) are important tools to facilitate collaboration between data, applications, and devices. In today’s technology driven world, APIs are critical to providing an integrated, seamless user experience whether used in private or public facing environments.
However, APIs primary functions are also what makes them a significant security risk. In fact, OWASP has published a separate API Security Top 10 bulletin focused solely on API vulnerabilities. As conduits for third-party integrations, APIs are also highly susceptible to attack. In the past few months, news stories about leaky APIs have forced many big-name companies to do damage control with both their incident response and reputations.
Specialized Security Services, Inc. (S3 Security), has been assisting our clients with the evaluation and testing of their API program for several years. In fact, our CTO spoke about API testing to a record-breaking, sold out audience at the 2019 ISACA North America CACS meeting. We are passionate about security and assisting our clients with creating an effective API governance and penetration testing program.
We are excited to share with you a complimentary research article from Gartner that outlines the following key challenges to API Security:
- “Attacks and data breaches involving poorly secured application programming interfaces (APIs) are occurring frequently.
- Protecting web APIs with general purpose application security solutions alone continues to be ineffective. Each new API represents an additional and potentially unique attack vector into your systems.
- API threat protection technologies are making progress, but aren’t fully mature yet. They lack in areas, including automated discovery and API classification.
- Modern application architecture trends — including mobile access, microservice design patterns and hybrid on-premises/cloud usage — complicate API security since there is rarely a single “gateway” point at which protection can be enforced.”
We encourage you to download the complete article to learn more and discover recommended solutions from Gartner. And if you would like custom guidance, give us a call, we can help!