The API Security Newsletter - Issue #18
APIs power most digital experiences today, but CXOs remain concerned about security. Digital transformation is driving API adoption in every sector, which in turn is driving an increase in malicious API attacks.
Today’s businesses must harden APIs against threats at every level of their organization
Worldwide statistics point to a clear trend: API cloud attack vectors are becoming more and more common as we move into the future. To truly protect their applications and users from malicious actors, today’s businesses must harden APIs against threats at every level of their organization.
Noname utilizes AI/ML, specifically unsupervised machine learning, to identify and remediate security issues for APIs in cloud and on-prem environments. Intel has optimized its CPUs for processing complex AI/ML algorithms required to analyze API traffic.
As cybercriminals continue to take advantage of vulnerable technology, processes, and people, they’re now shifting their attacks beyond “traditional” targets. With APIs expanding to microservices and cloud on top of the external apps, IoT, and mobile apps, adversaries are now focusing their operations on APIs.
Organisations were mostly confident about security, yet when probed on the specifics of how they handle security, they were missing key practices that lead to success. A specific example of this is that despite a large proportion of the respondents not having a high degree of observability across their API inventory, they, somewhat contradictorily, were confident or very confident in their organisation’s ability to detect a breach.
API (security) related videos
Postman’s API Governance and API Security features offer you guidance for APIs as you design your API definition and send requests. This video shows you how to set, edit, and use rules in Postman.
David Thomason, from Noname Security, shares a scary tale of FRAUD in a really sneaky way! This one ends on a cliffhanger, though...
Learn how security is now fusing with all kinds of technology and needs people with all kinds of skills and neurodiversity.
Two more things...
Apple launched a new dedicated security research portal. Here you can hear about the latest advances in Apple security from their engineering teams. You can also send in your own research and work directly with Apple to be recognized and rewarded for helping keep Apple users safe.
Microsoft also just released their Microsoft Digital Defense Report 2022. On February 23, 2022, the cybersecurity world entered a new age, the age of the hybrid war. On that day, hours before missiles were launched and tanks rolled across borders, Russian actors launched a massive destructive cyberattack against Ukrainian government, technology, and financial sector targets. You can read more about these attacks and the lessons to be learned from them in the Nation State Threats chapter of this third annual edition of the Microsoft Digital Defense Report (MDDR).
Disclaimer: The author of this newsletter is employed by Noname Security, but this is not an official Noname Security publication; the newsletter is meant to provide independent API Security News. I encourage you to reach out with comments and/or suggestions for the newsletter via https://twitter.com/filipv (DMs are open).