BOULDER, Colo., Oct. 24, 2022 /PRNewswire/ -- Application Programming Interfaces (APIs) present a significant security threat to enterprise data and this niche has become one of the fastest-growing segments of the cybersecurity industry, according to industry analyst and researcher Richard Stiennon . In the webinar Latest Trends in API Security and Learn How to Stay Ahead of Attackers , held October 20, 2022, Stiennon and API security expert and founder of Resurface Labs , Rob Dickinson, discussed the numerous vulnerabilities that exist with APIs and how companies can update their security strategy and tactics to effectively respond to API-based attacks.

APIs present an inherent security risk due to their architecture, and because of the limited visibility organizations have on the number and types of APIs in both their internal systems as well as their publicly facing applications. Security attacks using APIs are increasing, and the industry is responding in kind.

"Vulnerabilities in data sharing between applications are readily becoming more apparent as the use of APIs continues to proliferate," states Stiennon. "As enterprise security teams move to target this specific threat to their data, the API security sector continues to see dramatic increases in both revenue and number of product offerings." As part of the discussion, Stiennon presented findings from his third-quarter report on the direction of the API security industry.

The webinar also provided specifics on how APIs are being exploited and practical solutions on how to mitigate this exposure.

The design of APIs requires that companies look outside conventional security measures.

According to Dickinson. "To safeguard data, companies need to look beyond traditional perimeter tools. APIs generate phenomenal amounts of traffic, and the API economy is showing no indication of slowing. To protect against the exploitation of rapidly proliferating API vulnerabilities, companies must improve their visibility, detection, and response to API-based attacks. Beyond traditional perimeter-based security approaches, organizations must be able to detect malicious API activity generated by attackers masquerading as paid, authenticated users. This is a critical risk for organizations in the new API-centric world of doing business."

