Nov 11, 2025 – Jeremy Snyder – API Security: Why the Gap
Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital economy. Business needs demand speed. Engineers constantly work to tight deadlines and are always focused on that next release. And with the rise of microservice architectures and the proliferation of cloud services in modern software, APIs are an essential part of effective and speedy development. No one in a business wants to hinder the pace of innovation. On the other hand, in an ever-evolving threat landscape, cybersecurity is a constant concern for organizations of all sizes. Novel attack vectors, particularly those related to APIs, emerge as quickly as technology evolves. It is more important than ever for application and security teams to work together. Failure to close the gap can be catastrophic.
The Dangers of Unsecured APIs
APIs, by design, serve as a gateway to your data, which makes them extremely attractive to attackers. APIs are also often the interface through which business functions are invoked. For that reason, APIs are the only construct that has both data access and transactional capabilities, which makes them a doubly enticing target. Our research shows that API breach incidents are accelerating at a rate of 227% year-on-year, and the average volume of records exposed is close to 3M per event.
Even the largest and most sophisticated organizations are at risk. Here are just a few examples:
API Vulnerability – In 2021, the exercise equipment company had to deal with the fallout when researchers identified a bug in its API that allowed unauthorized access to users’ private data, including user IDs, instructor IDs, group memberships, location, workout stats, gender, age, and studio status. The vulnerability arose because the API authenticated the caller once but did not require authorization for subsequent requests to additional functions. Furthermore, sequential record numbering made scraping very easy. It was a major concern, especially given that the smart exercise bike company’s user base included President Joe Biden. The potential risks of built-in cameras and microphones in the bikes were highlighted, with questions raised about the security of such features in sensitive locations like the White House.
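As an added illustration of the failure described above (authenticate once, never re-check authorization, and hand out guessable sequential ids), here is a hypothetical in-memory profile service written for this page, not the company's code: `ProfileApi`, its handlers and the sample users are all constructed. It shows the vulnerable read handler beside a fixed one that authorizes every request against the record's owner and issues random, non-sequential ids.

```python
import uuid
from collections import namedtuple
Profile = namedtuple("Profile", "owner private")  # owner's user id; owner-only fields

class ProfileApi:
    def __init__(self):
        self.sessions = {}   # session token -> authenticated user id
        self.profiles = {}   # profile id -> Profile

    def login(self, user_id: str) -> str:
        token = uuid.uuid4().hex
        self.sessions[token] = user_id
        return token

    def create_profile(self, user_id: str, private: dict) -> str:
        # Random, non-sequential ids: they cannot be enumerated by counting.
        profile_id = uuid.uuid4().hex
        self.profiles[profile_id] = Profile(user_id, private)
        return profile_id

    def get_profile_vulnerable(self, token: str, profile_id: str) -> dict:
        # Checks only that the caller is logged in; any session can read any profile.
        if token not in self.sessions:
            raise PermissionError("not authenticated")
        return self.profiles[profile_id].private

    def get_profile_fixed(self, token: str, profile_id: str) -> dict:
        caller = self.sessions.get(token)
        if caller is None:
            raise PermissionError("not authenticated")
        profile = self.profiles.get(profile_id)
        # Authorize every request: the caller must own the object. One error for
        # "missing" and "not yours", so the response does not confirm that an id exists.
        if profile is None or profile.owner != caller:
            raise PermissionError("not authorized")
        return profile.private

def run_demo() -> dict:
    # Constructed scenario: Bob's session asks for Alice's profile.
    api = ProfileApi()
    alice, bob = api.login("alice"), api.login("bob")
    pid = api.create_profile("alice", {"age": 41, "location": "constructed"})
    leaked = api.get_profile_vulnerable(bob, pid)["location"] == "constructed"
    try:
        api.get_profile_fixed(bob, pid)
        denied = False
    except PermissionError:
        denied = True
    owner_ok = api.get_profile_fixed(alice, pid)["age"] == 41
    return {"vulnerable_leaks": leaked, "fixed_denies": denied, "owner_ok": owner_ok}
```

`run_demo()` returns `{"vulnerable_leaks": True, "fixed_denies": True, "owner_ok": True}`: the same authenticated session that reads a stranger's record through the first handler is refused by the second, while the owner is still served.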
API Flaws – In 2