
API related security incidents - a growing concern

Postman, an API platform provider, released the results of its annual State of the API Report for 2022, surveying more than 37,000 developers and API professionals around the world.


Postman's unique position as a leading platform gives it a sweeping overview of API usage trends across the globe. Its numbers show that APIs are a global technology trend enabling automation, enterprise data integration and overall digital transformation. Telemetry from the Postman platform now shows users create and consume APIs from just about every country in the world, including Antarctica.


The industry breakdown shows usage is mainly in Technology and IT Services, followed by the banking/finance/insurance, healthcare and education sectors.


As API usage grows, it becomes obvious that letting processes and scripts consume data automatically poses risks: data can be inadvertently exposed for days or months, malicious users can launch DDoS attacks against API endpoints, blocking critical infrastructure, or they can test input parameters to get unauthorized access to data. Healthcare in particular looks vulnerable, as it's the sector with perhaps the most sensitive data about individual citizens.


Worryingly, the Postman survey confirms that security is becoming a serious issue: some 20% of respondents reported API security incidents or breaches at least once a month at their organization. While the overall picture was more reassuring - 52% said incidents happen less than once a year - the data underscores the importance of incorporating security early in the API lifecycle. This will mean treating APIs as part of the attack surface and mitigating risk with WAAP technology.


Interestingly, more experienced API adopters report even more frequent security incidents, with 25% experiencing incidents at least once a month. That's probably because those users have broader visibility and better experience to detect security events. It could also mean that API security is a bigger issue for the majority of API adopters.


