One Article Review

Home - The article:
Source AlienVault Lab Blog
Identifier 8370101
Publication date 2023-08-15 10:00:00 (seen: 2023-08-15 10:06:43)
Title Why is API security the next big thing in Cybersecurity?
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

APIs, formally known as application programming interfaces, occupy a significant position in modern software development. They revolutionized how web applications work by enabling applications, containers, and microservices to exchange data and information smoothly. Developers can link APIs with multiple software or other internal systems that help businesses interact with their clients and make informed decisions. Despite the countless benefits, hackers can exploit vulnerabilities within the APIs to gain unauthorized access to sensitive data, resulting in data breaches, financial losses, and reputational damage. Therefore, businesses need to understand the API security threat landscape and look out for the best ways to mitigate these threats.

The urgent need to enhance API security

APIs enable data exchanges among applications and systems and help in the seamless execution of complex tasks. But as the average number of APIs rises, organizations often overlook their vulnerabilities, making them a prime target of hackers. The State of API Security Q1 Report 2023 survey concluded that attacks targeting APIs had increased 400% during the past six months. Security vulnerabilities within APIs compromise critical systems, resulting in unauthorized access and data breaches like the Twitter and Optus API breaches. Cybercriminals can exploit the vulnerabilities and launch various attacks like authentication attacks, distributed denial-of-service (DDoS) attacks, and malware attacks. API security has emerged as a significant business issue as another report reveals that by 2023, API abuses will be the most frequent attack vector causing data breaches, and also, 50% of data theft incidents will happen due to insecure APIs. As a result, API security has become a top priority for organizations to safeguard their data, which may cost businesses $75 billion annually.

Why does API security still pose a threat in 2023?

Securing APIs has always been a daunting task for most organizations, mainly because of the misconfigurations within APIs and the rise in cloud data breaches. As the security landscape evolved, API sprawl became the top reason that posed a threat to API security. API sprawl is the uncontrolled proliferation of APIs across an organization and is a common problem for enterprises with multiple applications, services, and development teams. As more APIs are created, they expand the attack surface and emerge as an attractive target for hackers. The issue is that the APIs are not always designed with security standards in mind. This leads to a lack of authorization and authentication, exposing sensitive data like personally identifiable information (PII) or other business data.

API sprawl
Sent Yes
Tags Malware Tool Vulnerability Threat Cloud
Stories Uber
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.