Subscribe to the Salt blog to learn about the latest developments in API Security

API Security Trends 2024

The 2024 State of API Security report examines how companies are securing APIs, the challenges they face, and how their API security strategies are evolving.

Download the Report
39% of attack attempts are from authenticated attackers.

The Threat of API Attacks is Real and Growing

API security incidents have more than doubled in the past year due to the rapid increase in API usage, creating a vast and expanding attack surface for malicious actors to exploit.

Salt Labs has found that these attackers are able to bypass authentication protocols, with 61% of attackers being unauthenticated, which shows that these bad actors are using a diverse range of tactics to get the information they want — proving the need for a more complex protection strategy.

Only 46% of organizations have API security as a C-level discussion.

Don't Let API Vulnerabilities Become your Next Boardroom Crisis

The survey revealed that C-level executives increasingly recognize the importance of API security, with 46% of respondents reporting that it has become a topic of executive discussion. This highlights the growing awareness of the business risks involved in API security.

With 55% of respondents experiencing delays in application rollout due to security issues with their APIs, we’re able to see the real-world impact of inadequate API security — including delayed innovation, frustrated customers, and lost revenue.

List of security problems found in production APIs with vulnerability, sensitive data exposure, and authentication problem being the top three.

The Stark Reality of API Risks

To highlight the need for improved security measures, 95% of respondents are struggling to contain incidents relating to their APIs, and 23% of organizations have experienced a breach — which means that their sensitive data and critical systems have been compromised.

In our ever-increasing threat landscape, it is essential for organizations to prioritize specialized API security measures to safeguard their sensitive data and ensure business continuity. By doing so, they can mitigate the risk of breaches, protect their reputation, and maintain a competitive edge.

How do you compare?

Check out our 2024 State of API Security Report to find out.

Download Report
80% of attack attempts involved the OWASP API Security Top 10.

Attackers are Following the OWASP Top 10.  Are you?

The OWASP API Security Top 10 is a crucial resource for professionals working in API security, and it highlights the most common and high-risk vulnerabilities that attackers exploit. A large percentage of API attacks target these well-known weaknesses. 80% of attack attempts leverage one of more of OWASP API Top 10 methods, but only about 58% of respondents focus on this industry list.

Over 25% do not have an API posture governance strategy.

Get Ahead  of the Curve:  Master API Posture Governance

To effectively mitigate risks throughout an API's lifecycle, organizations need to adopt an API posture governance strategy, which would provide a structured framework for managing and securing the entire API ecosystem — from design and development to deployment and ongoing maintenance. Our survey revealed that only 10% of organizations currently have an API posture governance strategy in place.

Zombie APIs:  The Undead Threat Lurking in the Dark

The rapid increase of APIs and evolving threat landscape reveals an ever-growing amount of API security-related issues. Our survey reveals that zombie APIs remain a top concern amongst respondents, as attackers can exploit vulnerabilities in zombie APIs to gain unauthorized access to sensitive data, disrupt operations, or carry out further attacks within a network. The survey also found that 46% of respondents consider account takeover/misuse a top concern, highlighting the growing threat of unauthorized access to user accounts through compromised API credentials. 

Chart of API security concerns showing outdated/zombie APIs are the highest concern.
Only 7.5% describe having  an advanced security strategy.

Is your API Security Playing Catch-up?

An alarmingly low number (7.5%) of organizations consider their API security programs advanced, leaving the vast majority with significant room for improvement. Traditional methods are insufficient against modern API threats, highlighting the urgent need for organizations to enhance their API security to prevent breaches.

On average, over 60% of APIs are updated at least once a month.

Yesterday's Documentation = Today's Vulnerability

In today's fast-paced digital world, APIs are constantly changing, making them difficult to document well. An issue that arises with this constant flux is that outdated documentation and poor visibility into your API landscape can leave you exposed to security risks. The survey revealed that 38% of all organizations update their APIs at least weekly, while 12.5% make daily updates.

Only 12% of respondents feel very confident in the accuracy of their API inventory, highlighting a widespread lack of trust in their security posture. This lack of confidence is justified, given that nearly a third of respondents (29%) don't feel confident at all in the accuracy of their documentation.

Less than 15% are confident that their API  inventory provides enough detail.

Don't let PII Exposure Become a Costly Compliance Nightmare

Only 14.6% of respondents are highly confidence in their ability to identify which APIs expose Personally Identifiable Information (PII) data. The survey found that around 60% of organizations are only somewhat confident in their understanding of PII exposure through APIs, while 25% are unsure or lack confidence altogether. This presents a serious challenge for organizations, leaving them vulnerable to security incidents involving the exposure of sensitive data. 

Download the full report now

Get an in-depth analysis on the concerns, risks, and trends around API security.

Download Report