The majority (95%) of organizations have experienced an API security incident in the past 12 months, according to Salt Security’s Salt Labs State of API Security Report, Q1 2022.
Financial institutions must protect themselves from salami attacks, which consist of a sequence of small, fraudulent transactions that can easily bypass detection but, combined, can result in considerable losses.
Salt Labs found that nearly every organization using Elastic Stack is affected by a new vulnerability, which makes users susceptible to injection attacks. Bad actors can use injection attacks to exfiltrate data and launch denial of service (DoS) events.
A Python exploit gives access to more than 10,000 API (Application Programming Interface) keys via the Wayback Machine, a project that archives the content of internet sites.
Additional report findings include that 64% of survey respondents have delayed an application rollout over API security concerns and 94% have experienced an API security incident.
July 28, 2021
Salt Security released the Salt Labs State of API Security Report, Q3 2021, revealing significant challenges in addressing API security, with all customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.
Inon Shkedy, Head of Security Research for Traceable, who also serves as the API Security Project Lead at OWASP and has co-authored the OWASP API Top 10, talks to Security about API security risks.