Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

APIs Have Changed — and They’re Changing the Security Landscape

Chris WestphalChris Westphal
Dec 18, 2020

The push for digital transformation has impacted just about every industry across the globe, and APIs are a key enabler for this transformation.  Since applications have been using APIs for a couple decades, we haven’t been as aware of  how the security implications have evolved as we are when we adopt a brand new technology.  The reality is, APIs today are very different from the web APIs of the early 2000s, and these changes impact the way we need to think about the API security landscape.

Learn why apps are built on APIs, the security risk APIs present, and best practices for securing APIs.

More APIs Than Ever

The move from monolithic applications to API-based applications has resulted in an explosion of APIs on both sides of the firewall. APIs not only power microservices environments but also are core to customer-facing web and mobile applications and are increasingly critical to connect partner ecosystems. With so many APIs at the core of modern applications, the attack surface has expanded exponentially — often without us realizing it — and in turn has created a large and growing attack surface.

More Data Exposed

APIs are becoming more important to the applications we depend on every day — everything including  video conferencing, shopping, banking, healthcare, socializing, and entertainment. Today’s applications are using more APIs than ever, and those APIs are more feature rich than ever. And developers are constantly introducing new use cases, which increases the amount of PII and other sensitive data being sent over APIs. All these changes have made APIs an extremely attractive target for attackers and a high-stakes asset for defenders to protect. To mitigate the threat, companies  need to identify the growing number of exposure points, understand what controls have been put in place, and meet compliance requirements.

Frequent Changes

APIs are a perfect fit for rapid development practices such as CI/CD.  Developers can build new applications by combining multiple APIs and update APIs quickly to add new functionality.  Rapid development creates a moving target for security teams who need to maintain an updated view of APIs, understand risk, and keep protections up to date. Traditional security approaches that depend on manual efforts simply can’t scale to meet the needs of rapidly changing APIs.

Security Required For APIs

Security solutions must keep up with the scale and rapid rate of change that come with APIs and cannot depend on traditional methods such as those that require manual policy upkeep. Automation is needed to continuously adapt to rapidly changing environments and to keep APIs protected.

Salt Security addresses the challenges of API security with big data and patented artificial intelligence (AI).  With our platform, customers continuously maintain an up-to-date catalog of all APIs, automatically identify sensitive data exposure, maintain protections without depending on policy updates, and stop attackers early during reconnaissance, even when APIs are constantly changing.

Schedule a demo to learn how Salt Security can protect your APIs.

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

July 26, 2024

Hadar Freehling
Principal Solution Engineer

Salt Labs

Another API Security Breach: Life360

The latest API breach occurred on the Life360 platform where an advisory was able to gleam 400k user phone numbers.

Read more

July 24, 2024

Eric Schwake
Head of Product Marketing

Industry

How Salt Catches Low and Slow Attacks While Others Can’t

Most API security solutions are designed to stop simulated attacks in a lab environment. They fail miserably in real world, low and slow attacks which are how attacks happen in practice

Read more

July 23, 2024

Eric Schwake
Head of Product Marketing

Industry

Detecting API Threats In Real Time

Recognizing the value of the sensitive data APIs carry, attackers have adapted their tactics, necessitating a fundamental shift in the approach to API security.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Get the guide
Back