Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

API attack traffic has grown at triple the rate of overall API traffic

Additional report findings include 64% of survey respondents have delayed an application rollout over API security concerns and 94% have experienced an API security incident

API-freepik
July 28, 2021

Salt Security released the Salt Labs State of API Security Report, Q3 2021. The latest edition, compiled six months after the company’s inaugural report, reveals significant challenges in addressing API security, with all Salt customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks. In the past six months, Salt data shows overall API traffic has increased 141% – in the same time period, API attack traffic grew a staggering 348%. The sobering report findings illustrate the security consequences of the rapid growth in API use driven by digital transformation and IT modernization projects.

“APIs and the valuable data they access are linchpins of today’s data- and application-centric economy. Yet APIs remain one of the most vulnerable elements of any organization’s application or software stack,” said Roey Eliyahu, co-founder and CEO, Salt Security. “Anecdotally, we know we find critical security vulnerabilities in the APIs of 90% of the prospects we support. This report quantifies those anecdotal findings, highlighting the API security risks companies are living with everyday. As  API adoption and traffic has accelerated, so have the security risks. APIs are meant to enable innovation, not stifle it, as we’re seeing in this report.”

Organizations rely on APIs for a broad range of business-critical initiatives. This latest edition of the State of API Security Report found that 61% of survey respondents use APIs for platform or system integrations, 52% use them to drive digital transformation, and 47% use them to standardize or improve the efficiency of application and software development. These critical initiatives are suffering set-backs, however, with 64% of respondents delaying application rollouts as a result of API security concerns. 

“APIs can be the weakest link in an organization’s application security chain, especially since traditional tooling such as WAFs and API gateways can’t protect against the API attacks frequently carried out today,” said Michael Isbitski, Technical Evangelist, Salt Security. “Several factors – including growing API usage, faster application and software development cycles, and increased hacker targeting – contribute to increasing risk for API-first organizations.”

 

Security remains the leading concern in API programs

Among the potential concerns respondents might have about their API programs – from impact on application delivery to documentation to pre-prod security to testing – security topped the list. Worries over a lack of pre-production security was the leading response (26%), followed closely by concerns about the program not adequately addressing runtime security (20%). The next closest area of concern hit considerably lower on the list – not driving enough observability and control (14%).

 

Viewing API security as a “shift left” problem is failing

“Developers write APIs, so they should be responsible for securing APIs.” This perspective actually increases organizational risk. More than half of survey respondents put responsibility for API security on the API team, developers, and DevOps teams – at the same time, 94% of respondents have experienced an API security incident in the past 12 months. No one writes perfect code, and you need to see APIs in action in runtime to see business logic flaws. Remediation insights that help developers improve APIs are crucial but they’re not the full answer.

 

WAFs and API Gateways continue to miss API attackers 

Nearly half of respondents are trying to identify API attackers via their WAF or API gateway, and 12% admit they have no way to identify an API attacker. Every Salt customer has a WAF, and every Salt customer suffers multiple API attacks every month. API attacks are different from application attacks, following no preset pattern and not triggering alerts from any traditional tooling because any single API transaction in an attack typically looks legitimate. You need context that WAFs and API gateways lack to identify and stop API attackers.

 

62% of organizations have no or just a basic strategy in place for API security

Every organization in this latest survey has dozens of APIs in production, but only 39% have more than a basic security strategy for their API program. More than a quarter have no strategy at all. What’s keeping these organizations from crafting a robust plan? A lack of resources/people (30%) and budget constraints (24%) are the top constraints. 

 

Additional findings from the State of API Security Report:

  • 40% of respondents cite the risk of “Zombie APIs” as their top concern, nearly triple the number who cite account takeover as the top concern.
  • 85% of respondents have some doubt about the completeness of their API inventory.
  • 55% percent of respondents cite runtime protection as the top priority for API security and the most highly valued attribute of an API security platform.
  • 85% of respondents lack confidence that they know which APIs expose sensitive data.

 

API Security Practices Are Evolving – For the Better

Findings from the report also highlight that approaches to API security are changing as collaboration between security and DevOps teams increases. One-third of respondents cited security as a primary reason for partnering with their peers, and only 9% saw no change in how security teams are conducting their work around API security requirements. 

When survey respondents were asked about how API security is creating changes in how security professionals do their job, the majority was split with 34% agreeing that security must collaborate more with DevOps teams and 34% noting security engineers are getting embedded within DevOps teams.

The State of API Security Report, Q3 2021, was compiled by researchers from Salt Labs, the research division of Salt Security, utilizing survey data from more than 200 security, application and DevOps professionals as well as anonymized and aggregated empirical data from Salt Security customers obtained through the Salt Security API Protection Platform.

KEYWORDS: API security cyber security risk management security management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0119-News1-Feat-slide_900px

    Rate of Traffic-Related Deaths Continues to Increase

    See More
  • Security newswire default

    Cisco: Global IP Traffic to Triple by 2022

    See More
  • SEC_Web_5Minutes Mattson

    How organizations can defend against the increasing API attack surface

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!