Published on November 9, 2023, 5:36 am
Application Programming Interfaces (APIs) are an essential component of today’s digital ecosystem, enabling software applications to interact with one another. They serve as the connective tissue that allows seamless communication and collaboration between different systems. However, the widespread use of APIs has also given rise to security concerns and vulnerabilities.
According to the VMware Global Incident Response Threat Report 2022, 23% of respondents identified APIs as a new vector for cyber attacks. The most common types of API attacks include data exposure, SQL and API injection attacks, and distributed denial-of-service attacks. These findings indicate that attackers are not only targeting API security but also leveraging APIs as a gateway to carry out additional destructive attacks.
Rick McElroy, principal cybersecurity strategist at VMware, highlights the importance of addressing API vulnerabilities. He notes that APIs underpin various technology functions such as disaster recovery, datacenter orchestration, and security automation. Attackers are exploiting these vulnerabilities in APIs, making them a significant threat.
To enhance API security and mitigate potential risks, organizations should regularly assess their APIs and implement robust detection mechanisms for API-based attacks. It is crucial to have real-time response capabilities in place to counter these attacks effectively.
One area that presents a high risk in terms of API security is the lack of authentication or strong rotation of cryptographic keys over APIs. Organizations should prioritize implementing proper authentication measures and regularly scan code repositories to understand how credentials are used in API calls.
To manage API usage effectively and contain potential threats, organizations need to adopt a proactive approach. This begins with conducting thorough assessments to gain visibility into deployed APIs and custom code developed by security or development teams. It is essential to eliminate unnecessary or unused versions of APIs from code repositories to reduce the attack surface.
McElroy recommends three strategies to improve API performance while enhancing security:
1. Implement an API gateway: An API gateway provides authentication capabilities, traffic monitoring, analytics, and alerts on how APIs are being used.
2. Incorporate network components: Network components can detect specific behaviors and identify attacks targeting APIs.
3. Employ attack simulations: Conducting adversary emulation and continuous assessments help identify vulnerabilities in APIs and enhance security measures against potential attacks.
In addition to API vulnerabilities, containers also pose a threat in terms of security risks. McElroy emphasizes the need for organizations to update, patch, and understand container behaviors to prevent, detect, and respond to challenges effectively.
In summary, CISOs/CIOs should prioritize collaboration between security teams and other departments involved in the digital journey. A shared strategic plan and vision are essential for creating a culture of collaboration and aligning security strategies with overall business goals. With a combined effort and cohesive approach, organizations can strengthen their security posture and mitigate the risks associated with APIs and containers.
ExecOpinion: APIs as new vectors of vulnerabilities