    TechSpective
    Growing Attacks Underscore the Importance of API Security

    By Kayleigh Bridges on April 13, 2022 Drive by Downloads, Malware, Security, Security Awareness

    Similar to how a mobile app is an application which runs on a smartphone, a web app refers to a software application that carries out a particular function using a web browser for a client. The first web applications date back decades, long before the internet was mainstream, but it’s during this century that they’ve really proven their worth – as seen by Google’s growing suite of cloud apps like Google Docs and Gmail. These applications give traditional standalone software packages a run for their money. They’re getting better all the time.

    Because of their visibility, web security focuses heavily on web apps. Attacks that can be leveled against web apps include SQL injections, Cross-site Scripting (XSS), Remote File Inclusion, Cross-site Request Forgery (CSRF), and others. These can be used to wreak havoc, such as stealing sensitive user data.

    But while no shortage of attention is (rightfully) focused on defending web apps from attack, organizations’ web security strategies often place less emphasis on their web APIs. Since web APIs – which are designed with automated access in mind – are just as powerful as web apps, while being arguably more vulnerable to abuse, that’s bad news for all involved.

    It’s a critical reminder of why tools like Web Application and API Protection (WAAP) are so essential. Simply put, they’re something that no organization should be without.

    Web applications and web APIs: What’s the difference?

    Web applications and Web APIs sound similar. There’s some crossover between them, too, but also notable differences. Web apps are designed for human interaction, allowing users to interact with them and presenting results in the browser window. This is the reason they’re so visible – since they’re literally designed with end user interaction in mind. A web app is a front-end application (client side), while web APIs are back-end applications (server side) which exchange data through system-to-system interactions. In their broadest terms, APIs are application interfaces, which allow one application to communicate with another in a standardized way.

    Because of their importance, web APIs are increasingly targeted by would-be attackers. A recent report showed that API attacks have increased 681 percent over the past year. The report surveyed a large number of organizations and found that almost all of them – a whopping 95 percent – had experienced some form of API security incident in the preceding 12 months. Around 12 percent of respondents reported suffering upward of an enormous 500 attacks every month.

    While these figures are terrifying enough, even scarier is the fact that 34 percent of respondents admitted to not having any kind of security strategy for APIs. Just 11 percent – a little over one in 10 respondents – said they had an advanced strategy including dedicated API protection and testing.

    The resulting widespread lack of protection will only make APIs a more attractive vector for attacks for malicious actors. Those lacking the necessary safeguards typically blamed lack of the right level of expertise or budgetary constraints.

    Defending against attacks

    It is critical that organizations do right by their users to protect against attacks which seek to exploit API vulnerabilities. This should most likely start with taking stock of the total inventory of APIs they rely on, including functions and payloads alike. They should make sure to test production APIs for potential issues like broken authorization, starting with those endpoints they class as being most critical. Any public-facing APIs must be secured during the development process, while everyone from admin to developers should be made aware of the potential risks APIs can face or pose.
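As an added illustration (not code from the article), the inventory step above can be started from access logs: group calls by endpoint, compare the result with the documented API list, and flag endpoints that answered successfully without credentials as the first candidates for authorization testing. The log format, endpoint names and the DOCUMENTED and PUBLIC sets are constructed assumptions.

```python
import re
from collections import defaultdict

# Documented inventory and intentionally public endpoints (constructed).
DOCUMENTED = {("GET", "/api/v1/orders/{id}"), ("POST", "/api/v1/orders"),
              ("DELETE", "/api/v1/orders/{id}"), ("GET", "/api/v1/health")}
PUBLIC = {("GET", "/api/v1/health")}

# Constructed log lines: method, path, status, auth scheme ("-" = no credentials).
SAMPLE_LOG = """\
GET /api/v1/orders/1041 200 bearer
GET /api/v1/orders/1042 200 -
POST /api/v1/orders 201 bearer
GET /api/v1/health 200 -
GET /api/internal/export/7 200 bearer
GET /api/v1/orders/9f1c2e4a-0b7d-4c1e-9a55-2d3e4f5a6b7c 401 -
"""

ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}-[0-9a-fA-F-]{27})$")

def normalise(path):
    """Collapse numeric/UUID path segments to {id} so calls group by endpoint."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def build_inventory(log_text):
    """Return {(method, template): {"calls": n, "unauth_ok": n}}."""
    inv = defaultdict(lambda: {"calls": 0, "unauth_ok": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing
        method, path, status, auth = parts
        entry = inv[(method.upper(), normalise(path))]
        entry["calls"] += 1
        if auth == "-" and status.startswith("2"):
            entry["unauth_ok"] += 1
    return dict(inv)

def review(inv):
    """Undocumented endpoints, unauthenticated successes, documented-but-unseen."""
    return {
        "undocumented": sorted(k for k in inv if k not in DOCUMENTED),
        "unauth_success": sorted(k for k, v in inv.items()
                                 if v["unauth_ok"] and k not in PUBLIC),
        "unused": sorted(DOCUMENTED - set(inv)),
    }
```

Calling `review(build_inventory(SAMPLE_LOG))` returns the three lists; anything under `unauth_success` is an endpoint to test first for broken authorization.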

    The best step that any organization can elect to take is the use of Web Application and API Protection (WAAP) services. This term, coined by Gartner’s Jeremy D’Hoinne and Adam Hils, refers to a collection of cloud-based services which can help to protect vulnerable web applications and APIs alike. WAAP includes tools like Next-Generation Web Application Firewall (Next-Gen WAF) for blocking attacks using AI and behavioral analysis, Runtime Application Self-Protection (RASP), malicious bot protection, Distributed Denial-of-Service (DDoS) protection, advanced rate limiting, and the all-important protection for microservices and APIs – among others. It’s the most comprehensive possible one-stop-shop for protecting against web app and web API attacks alike.

    Do the right thing by your users

    Attacks targeting web APIs aren’t going away. In fact, just about every report suggests that they’re ramping up all the time as cyber attackers look for ways to cause the maximum possible damage in domains where the right safeguards are not put in place. Sadly, APIs currently fit that bill. The good news is that, as noted, the right tools are available to help. Implementing and deploying these tools, which may involve seeking out the right cyber security authorities to assist, means that organizations can better defend against this threat. It’s some of the best money you can possibly spend.

    Kayleigh Bridges

    Kayleigh is an avid geek with a passion for technology and all things Marvel. She writes about technology and gadgets and cybersecurity--but she really wants to be Black Widow when she grows up.
