20% of developers and IT professionals say API security breaches happen monthly

20% of developers and IT professionals say API security breaches happen monthly

Were you unable to attend Transform 2022? Check out all the summits in our on-demand library now! Look here.

API security is something many security teams fail to achieve. In today’s increasingly remote, modern work environments, there are so many apps and services that rely on APIs that analysts struggle to discover and secure.

Earlier this week, API vendor Postman released its 2022 State of the API report — which surveyed more than 37,000 developers and API professionals — and found that 20% of respondents say API security incidents or breaches happen at least once a month in their organizations.

In contrast, 51% of respondents also said that more than half of their organization’s development efforts are spent on APIs.

The findings suggest that organizations may require a higher-level approach to identifying and securing APIs if they want to prevent intrusions and reduce the chance of a data breach.


MetaBeat 2022

MetaBeat will bring together thought leaders to provide guidance on how metaverse technology will transform the way all industries communicate and do business on October 4th in San Francisco, CA.

Register here

Why is API security a challenge?

When it comes to the battle to secure APIs, it’s not just the scale of apps and services that creates challenges. There’s also the fact that many organizations rely on less-optimized application security tools to mitigate problems at the API level.

As modern enterprise environments move, organizations need solutions that can automatically detect and classify APIs at scale if they want an accurate view of their risk posture.

As a Gartner API Security Report explains, “many API breaches have one thing in common: the breached organization didn’t know about their unsecured API until it was too late. This is why the first step in API security is API discovery -the ones that your organization supplies, or that it uses from third parties.”

It is a perspective that Postman’s new research seems to confirm.

“Companies experiencing more frequent API security incidents likely have shadow or published APIs that don’t have the same protections as other sites. They likely have more legacy elements in their environment and may not fully understand the scope of their entire API landscape,” said Abhinav Asthana, CEO Director of Postman.

The need for greater transparency and visibility over APIs is also increased by the growing number of mobile apps.

“Many mobile apps have a number of backend APIs that are used to support it, and they are often overlooked. Attackers have been abusing these backend mobile APIs for quite some time because they are often not secured and provide much more valuable content. You can’t protect what you don’t know about, Asthana said.

The API Security Market

One of the main players in the API security market is Salt Security. The solution uses an API context engine (ACE) that can discover new APIs and vulnerabilities, while offering testing for pre-production APIs.

Another competitor is Noname Security with an API security platform designed to detect API vulnerabilities and misconfigurations, with automated detection and response capabilities.

Researchers expect the API management market to grow from $4.5 billion in 2022 to a value of $13.7 billion by 2027 as more organizations seek to secure increasingly complex decentralized work environments.

VentureBeat’s mission will be a digital town square for technical decision makers to gain knowledge about transformative business technology and transactions. Learn more about membership.

Leave a Reply

Your email address will not be published.