Cambridge, MA USA | July 18, 2023

Share

AKAM, news, filings), the cloud company that powers and protects life online, today released the results of a new survey of application security professionals on what they view as the top security risks related to Application Programming Interfaces (APIs).</p>\r\n<p>The <a href=\"/content/akamai/en/lp/report/sans-analyst-report-on-api-security-trends.html\" target=\"_self\">2023 SANS Survey on API Security</a> found that less than 50 percent of respondents have API security testing tools in place. Even fewer have API discovery tools (29 percent). What’s more, the report finds that taking advantage of API security controls that are included in DDoS and load balancing services is “an underutilized area.” Just 29 percent of respondents reported using these features.</p>\r\n<p>Akamai partnered with the <a href=\"https://www.sans.org/mlp/2/\" target=\"_blank\" rel=\"nofollow noreferrer\">SANS Institute</a> on the survey which was conducted in the first quarter of 2023 to determine enterprise awareness, readiness and future plans for dealing with API security risks. The 231 global respondents were primarily application security professionals.</p>\r\n<p>Modern applications increasingly use APIs to capture business processes and break them into the communications required to efficiently enable business partners and customers to work with an organization. A recent <a href=\"/content/akamai/en/lp/soti/slipping-through-the-security-gaps-the-rise-of-application-and-api-attacks.html\" target=\"_self\">State of the Internet report</a> by Akamai noted that 2022 was a record breaking year for application and API attacks.</p>\r\n<p>Survey participants ranked phishing (38.3 percent) and missing patches (24 percent) as the top two API security concerns. These were followed by exploitation of vulnerable applications/APIs (12 percent) and accidental disclosure of sensitive information (9.1 percent).</p>\r\n<p>Other key findings of the survey include:</p>\r\n<ul>\r\n<li>62 percent of respondents are using web application firewalls as part of API risk mitigation.</li>\r\n<li>Most (57.1 percent) respondents reported API inventory accuracy of between 25 percent and 75 percent.</li>\r\n<li>Most respondents cited the OWASP (Open Web Application Security Project) Application Security and API Top Ten lists, and the MITRE ATT&amp;CK Framework as the basis for defining application and API risk.</li>\r\n<li>76 percent of survey takers reported training development staff on application security.</li>\r\n</ul>\r\n<p>“This new survey offers the industry perspective on a topic which will continue to be one of the top security issues of 2023 and beyond,” said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. “The results show enterprises need to place more focus on both where and how many APIs are running, because vulnerable APIs are becoming the most common access point for attacks.”</p>\r\n<p>“The key takeaways of this survey are that security hygiene controls like strong authentication, asset inventory, vulnerability management and change control need to address API security issues,&quot; said John Pescatore, Director of Emerging Security Trends with SANS. “Prevention and detection need to be upgraded to deal with API-centric attacks, and infrastructure services (such as content delivery networks and denial of service filtering) need to be put to work, as well.”</p>\r\n<p>A webinar with more details on the survey will feature John Pescatore and Akamai VP Alka Malik. The event is scheduled for July 18 at 10:30am ET and those interested can sign up <a href=\"https://www.sans.org/webcasts/2023-sans-survey-on-application-security/?source=akamai1\" target=\"_blank\" rel=\"nofollow noreferrer\">here</a>. The webinar will also spotlight several Akamai customers and include discussions around how organizations currently discover APIs in use and how to mitigate the risks posed by these vulnerabilities.</p>\r\n"}}">

Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released the results of a new survey of application security professionals on what they view as the top security risks related to Application Programming Interfaces (APIs).

The 2023 SANS Survey on API Security found that less than 50 percent of respondents have API security testing tools in place. Even fewer have API discovery tools (29 percent). What’s more, the report finds that taking advantage of API security controls that are included in DDoS and load balancing services is “an underutilized area.” Just 29 percent of respondents reported using these features.

Akamai partnered with the SANS Institute on the survey which was conducted in the first quarter of 2023 to determine enterprise awareness, readiness and future plans for dealing with API security risks. The 231 global respondents were primarily application security professionals.

Modern applications increasingly use APIs to capture business processes and break them into the communications required to efficiently enable business partners and customers to work with an organization. A recent State of the Internet report by Akamai noted that 2022 was a record breaking year for application and API attacks.

Survey participants ranked phishing (38.3 percent) and missing patches (24 percent) as the top two API security concerns. These were followed by exploitation of vulnerable applications/APIs (12 percent) and accidental disclosure of sensitive information (9.1 percent).

Other key findings of the survey include:

  • 62 percent of respondents are using web application firewalls as part of API risk mitigation.
  • Most (57.1 percent) respondents reported API inventory accuracy of between 25 percent and 75 percent.
  • Most respondents cited the OWASP (Open Web Application Security Project) Application Security and API Top Ten lists, and the MITRE ATT&CK Framework as the basis for defining application and API risk.
  • 76 percent of survey takers reported training development staff on application security.

“This new survey offers the industry perspective on a topic which will continue to be one of the top security issues of 2023 and beyond,” said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. “The results show enterprises need to place more focus on both where and how many APIs are running, because vulnerable APIs are becoming the most common access point for attacks.”

“The key takeaways of this survey are that security hygiene controls like strong authentication, asset inventory, vulnerability management and change control need to address API security issues,” said John Pescatore, Director of Emerging Security Trends with SANS. “Prevention and detection need to be upgraded to deal with API-centric attacks, and infrastructure services (such as content delivery networks and denial of service filtering) need to be put to work, as well.”

A webinar with more details on the survey will feature John Pescatore and Akamai VP Alka Malik. The event is scheduled for July 18 at 10:30am ET and those interested can sign up here. The webinar will also spotlight several Akamai customers and include discussions around how organizations currently discover APIs in use and how to mitigate the risks posed by these vulnerabilities.

About Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai’s cloud computing, security, and content delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.