The latest Salt Labs State of API Security report is out, and we’re excited to share some of the key findings with you. Security industry news has frequently covered high-profile application programming interface (API) breaches over the past few years, so it’s no surprise that our research found that attackers have upped their activity. Salt Labs analyzed the past year of Salt customer data and found a 400% increase in unique attackers over the last six months alone. In addition, we found that 78% of attacks happened over authenticated APIs.
The Q1 2023 report also revealed that 94% of survey respondents experienced security problems in production APIs in the past year, with 17% stating their organizations suffered a data breach as a result of security gaps in APIs. Not surprisingly, nearly half (48%) of respondents now state that API security has become a C-level discussion within their organization.
As always, the State of API Security Report pulls from a combination of survey responses and empirical data from Salt customers. This year’s report provides our deepest insights yet with “in the wild” API vulnerability research that demonstrates how respondents’ top concerns in API security manifest in real-world scenarios.
Other key highlights from the fifth edition of the report include:
API security has become a critical business issue for survey respondents' organizations, as indicated by application rollout delays, heightened awareness of API security breaches, and a lack of confidence in existing API security approaches. Specifically:
Survey respondents cited the following as the most “highly important” API security capabilities:
Salt customer data shows that API attacks are on the rise and bad actors are targeting internal and authenticated APIs. Empirical data from Salt customers shows:
The survey found that the vast majority of organizations still lack mature API security programs:
When asked about the most concerning API security risks:
Companies large and small have many unknown security gaps. The report notes:
The survey results from the Q1 2023 State of API Security Report are clear. Respondents overwhelmingly stated that reliance on APIs is continuing to grow as APIs become ever more imperative to their organizations' success. At the same time, APIs are getting harder to protect as attacks increase and traditional tools and processes cannot stop them. Organizations must move beyond yesterday’s application security practices and last-generation tools to a modern security strategy that addresses security at every stage of the API lifecycle and provides a broad range of protections that foster collaboration across teams.
APIs are at the core of every modern application, and attackers continue their efforts at unprecedented rates. Survey responses and Salt customer data overwhelmingly demonstrate that the time is now for organizations to get serious about securing their APIs.
We invite you to download the full report so you can better understand how your organization’s API practices and priorities compare against the industry. We trust that you will find some interesting insights as you chart your path to a robust API security program.
And, if you’re interested in taking the next step, you can request an API Security Gap Assessment to better understand your API landscape and gain personalized remediation insights.