Backslash Security introduced its Fix Simulation and AI-powered Attack Path Remediation capabilities.
APIs in Peril: API Attacks Increasing
March 13, 2024
The number and severity of API attacks and vulnerabilities are increasing according to the API ThreatStats™2024 Report from Wallarm — there was a 30% increase in API-related Common Vulnerabilities and Exposures (CVEs) and security bulletins in 2023 compared to 2022.
Additionally, malicious requests involving APIs that Wallarm blocked rose significantly from 54% in 2022 to 70% in 2023.
These attacks aren't going unnoticed by the public. Half of the top 20 most mentioned vulnerabilities in Google Searches are API-related, indicating growing public awareness and concern about API security.
"The growth in malicious API requests and rising public awareness of APIs in 2023 prove that API security is growing increasingly crucial for business leaders and cybersecurity professionals to prioritize in their digital security strategies," said Ivan Novikov, CEO of Wallarm.
Source: Wallarm
Injections and API leaks dominate top API security risks
Injections, which involve malicious data or code being inserted into an API that leads to unauthorized access and data breaches, nabbed the first spot on the "Top 10 API Security Risks for 2023" list.
Although a newer entry on the list, API leaks ranked fourth due to their potential for unrestrained disclosure of sensitive data, often through negligent methods. API leaks are often overlooked, as evidenced by their absence from the OWASP Top 10 threat list.
API security bugs rule the bounty game with 62% of rewards
In 2023, most bug bounties — ethical hackers that test and challenge major companies' security systems — were for API security: 62% of all bounty payments. Notably, API-related bounties are higher in value compared to other categories. The highest payout for an API bug was $15,000, three times larger than the highest non-API payout of $5,000.
Social media platform Snapchat had the highest bug bounty payout in 2023, signifying more major players see the importance of getting ahead of critical security flaws.
API security predictions for 2024 that demand immediate action
The report predicts there will be an intensified focus on emerging API data leaks as a significant risk in 2024, emphasizing the prevention of sensitive information breaches that include API keys and JWT tokens.
There will also be a shift towards adopting novel metrics for vulnerability triaging and an increased focus on addressing broken access control and authorization (BOLA) issues in API security strategies.
Industry News
July 25, 2024
Check Point® Software Technologies Ltd. announced the appointment of Nadav Zafrir as Check Point Chief Executive Officer.
July 25, 2024
Sonatype announced that Sonatype SBOM Manager, its Enterprise-Class Software Bill of Materials (SBOM) solution, and its artifact repository manager, Nexus Repository, are now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
July 24, 2024
Broadcom unveiled the latest updates to VMware Cloud Foundation (VCF), the company’s flagship private cloud platform.
July 24, 2024
CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists.
July 24, 2024
Zesty announced the launch of its Insights and Automation Platform.
July 23, 2024
Progress announced the availability of Progress® MarkLogic® FastTrack™, a UI toolkit for building data- and search-driven applications to visually explore complex connected data stored in Progress® MarkLogic® platform.
July 23, 2024
Snowflake will host the Llama 3.1 collection of multilingual open source large language models (LLMs) in Snowflake Cortex AI for enterprises to easily harness and build powerful AI applications at scale.
July 23, 2024
Secure Code Warrior announced the availability of SCW Trust Agent – a solution that assesses the specific security competencies of developers for every code commit.
July 23, 2024
GFT launched AI Impact, a new solution that leverages artificial intelligence to eliminate technical debt, increase developer efficiency and automate critical software development processes.
July 23, 2024
Code Metal announced a $13M seed, led by Shield Capital.
July 22, 2024
Atlassian Corporation has achieved Federal Risk and Authorization Management Program (FedRAMP) “In Process” status and is now listed on the FedRAMP marketplace.
July 18, 2024
Check Point® Software Technologies Ltd. announced that it has received a Leader ranking in The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024 report.
July 18, 2024
Mission Cloud announced the launch of Mission Cloud Engagements - DevOps, a platform designed to transform how businesses manage and execute their AWS DevOps projects.
July 18, 2024
Accelario announces the release of its free TDM solution, including database virtualization and data anonymization.
