Aite Group Research Validates API Security Gaps

September 2, 2020

2020 is moving into its final quarter, and it appears to be the year of the API security incident, with MGM, Starbucks, Data Viper and Docker as just a few examples. The reasons are obvious: API use has exploded for both developers and bad actors. The same benefits of speed and flexibility that developers enjoy are leveraged to execute attacks that result in fraud and data loss.

In many cases, the root cause of the incident is human error: verbose error messages, or improperly configured access control and authentication. The list goes on. But why? Inexperience? Moving too quickly? Not adhering to a specification? Not trained in secure coding practices? No peer review or security review? The answer is a little bit of all of the above, as highlighted by a new API Security Best Practices Research Report published by Joe Krull from the Aite Group. The report validates security gaps in protecting APIs and makes recommendations that will benefit any organization moving towards an API-centric development methodology.

Establishing and Adhering to API Security Best Practices

It’s well known that maintaining compliance or adhering to best practices is best achieved by combining documented recommendations (like those outlined in the report) with training and technology. The technology component is where we can help. We have been protecting APIs from automated attacks for nearly 5 years now, and on a daily basis we are securing nearly half a billion APIs.

Our newest product, API Sentinel, extends our API security expertise by integrating with existing API management infrastructure to discover all public-facing APIs, including those published in the shadows. It then performs a runtime analysis of your API risk and assesses the APIs' specification conformance. In short, API Sentinel can help your organization rein in its API footprint and reduce its security exposure by finding errors before they are published or discovered. We’ve summarized the report’s seven API security core competencies below, along with how API Sentinel might be used to maintain adherence to the findings.

The guidance found in the report is a great start for anyone moving towards a more API-centric development methodology. API Sentinel adds a technology layer that will help you monitor, track and enforce the best practices defined. It’s a win-win scenario. Don’t take our word for it – try API Sentinel with our 30-day free trial.


About the Author

Matt Keil

Director of Product Marketing
