Cloudentity’s latest study “2021 State of API Security, Privacy and Governance” shows 44% of enterprises experience API security issues, including substantial API authorization issues concerning privacy, data leakage and object property exposure with one or both of internal and external-facing APIs. Additionally, 97% of respondents reported that identity and authorization issues with APIs have had a direct impact on their organization in the form of delays to new applications or service enhancements. The report also reveals the top contributors of API identity and authorization risks are lack of data lineage, difficulty diagnosing issues, component-driven development complexity and inconsistent security policy management.
Yariv Shivek, VP of Product at Neosec, had this to say:
“Authorization issues continue to be the most prevalent problem in API security (see also OWASP API Top 10), but certainly not the only one. It is a testament to the unique challenges posed by API security, that even the organizations surveyed (all big established enterprises with 10,000 or more employees) struggle with authentication and authorization issues, as well as other API security risks.”
“The imperative of blending “shift left” with “secure right” can be seen in the mix of issues raised. When it comes to “secure right,” almost half the respondents (47%) rely on log analysis to identify API identity and authorization issues in their organizations, a process I believe is best automated with big-data ML-driven behavioral analytics.”
Yariv mentioned the OWASP API Top 10. You can have a look at it here.
This entry was posted on November 2, 2021 at 4:37 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Cloudentity “2021 State of API Security, Privacy and Governance” Shows API Security Issues