- The report warns that vulnerabilities, sensitive data exposure and API authentication weaknesses are key problems
- Many companies have been forced to slow down application deployment due to API problems
- Companies can mitigate API risks before they can be exploited, say the researchers
Almost all (99%) organizations have experienced API security problems in the past 12 months, and more than half (55%) have been forced to slow down the deployment of new applications due to various API security concerns, according to new research.
A new Salt Security research report revealed that companies are plagued by API security risks.
Vulnerabilities that expose APIs to various exploits (for example, injection attacks and broken object level authorization (BOLA)) accounted for more than a third of the problems (37%), a share similar to that of sensitive data exposure (34%). API authentication weaknesses took third place with 29%.
Obsolete
Salt added that generative artificial intelligence has “advanced” API security challenges, as almost half (47%) of respondents expressed concerns about the security of AI-generated code. In addition, for two in five (40%), the potential risks introduced by AI-generated code are a major concern. Only 11% of respondents do not consider the use of GenAI applications as increasing security risk.
Researchers have also determined that traditional API security methods, in which authentication is the main defense mechanism, can no longer suffice. Almost all (95%) API attacks in the last 12 months came from authenticated sources, and moreover, 98% of attack attempts targeted external APIs.
To protect against “creeping” API attacks, Salt says companies should make API posture governance strategies “essential”, and warns that the majority are far from doing so. It says that only 10% of organizations currently have an API posture governance strategy, similar to the previous year, but the good news is that 43% plan to implement such a strategy soon.
Given that threat actors actively abuse security weaknesses, companies must implement a “robust and proactive API security strategy”, explains Roey Eliyahu, co-founder and CEO of Salt Security.
“A strategy that should not only include timely threat detection and incident response, but also API governance. By implementing frameworks that guarantee that security policies are clearly defined, permanently applied and regularly evaluated, organizations can mitigate API risks before they can be exploited.”