Application programming interfaces (APIs), which enable communication between different applications and between applications and end-users, are more common than ever. In fact, nearly 90% of developers now use APIs. But as they’ve become more ubiquitous, they’ve also become easier to exploit.
The threat, Gartner predicts, is that API attacks will become the most frequent attack vector this year, causing data breaches for many enterprise web applications.
According to Patrick Evans, CEO of leading cyber security solutions provider SLVA Cybersecurity, “You cannot simply monitor APIs in use anymore, and pre-production testing comes with its own time and labour challenges when you begin to scale APIs.”
“With the exponential development of APIs, logic flaws tend to enter production, creating great risk that results in delays, extra expense and potentially even greater reputational risk,” says Evans.
A report published in March 2022 showed that nearly all respondents (95%) experienced an API security incident in the year leading up to the survey. Because of this, 62% of organisations had to slow the rollout of a new application into production because of API security concerns.
Evans proposes the automation of API testing as the only viable solution to assist organisations with a marketplace of 100s, if not 1000s of APIs. “APIs play a critical role in enabling revenue, innovation, and deploying services at scale,” says Evans. “But quick to market and easy to deploy should never be at the expense of security. SLVA has partnered with APIsec, a specialist API security company dedicated to continuous, automated API security testing, to become a reseller of these solutions.”
“The problem with APIs – even those that have been tested before production – is that traffic through them all appears to be legitimate. APIsec uses artificial intelligence logic to detect every possible threat vector rather than just the typical ones that normal security will check,” explains Evans.
Furthermore, APIsec does this while the API is in development and testing – before it reaches production. “Penetration testing is a huge milestone for most API developments, and it can potentially set projects back by months if vulnerabilities are found. APIsec mitigates this ever happening and shuts any loopholes that normal testing might have overlooked,” he adds.
When more than half of the surveyed companies deploying APIs had a basic or no API security strategy in place, APIsec’s solutions automatically catapult vulnerable APIs into the realm of the thoroughly tested, super-secure and quick to deploy.
SLVA’s leadership team has more than three decades of experience in the cyber security industry globally, and as such, they know what solutions are required to eliminate often-overlooked threat vectors. Says Evans: “We chose to partner with APIsec because this solution is tailor-made to mitigate the most important threats to APIs, alleviating the complicated burdens that CISOs face in organisations today.”