APIs, App Updates Create New Vulnerabilities

Published: 23/11/2024   Category: security




Enterprises need to build more security into API gateways and applications including encryption and authentication, Radware survey shows.



Some of the technology tools that are fueling global enterprises are also making them more vulnerable to data breaches, a new survey by Radware reveals. Increased collection and sharing of data, growing use of web applications and more frequent updates to those apps all create new exposures and contribute to the increasing number and complexity of application-layer attacks.
The Radware 2018 State of Web Application Security report is based on a Merrill Research survey of 302 executives and IT professionals from global enterprises with revenues of more than $250 million a year.
It found the vast majority -- 89% -- had experienced attacks against web applications or servers within the past 12 months, and that more than half were experiencing daily or weekly attacks.
Source: Radware 2018 State of Web Application Security
One major reason is the failure to protect application programming interfaces (APIs) and API gateways, notes Mike O'Malley, Radware Ltd. (Nasdaq: RDWR)'s vice president of carrier strategy and business development. The vast majority of organizations who use API gateways do so to share or consume data, but 70% of survey respondents said they don't require authentication from third-party APIs and 62% don't encrypt data sent by APIs, which creates a major new landscape for data breaches.
"The vast majority of companies are not doing something on the API side," O'Malley said. He points to the massive breach of the Facebook API as an example of what can happen but adds that most organizations have false confidence in their own systems' security, with 90% of those surveyed saying they were confident their organizations could mitigate application-layer attacks. "They think if they haven't had a Black Swan attack in the last month, it's not going to happen to them."
The need to update applications on a daily or even hourly basis is also contributing to new security concerns. The survey shows about a third of all application types are updated on an hourly or daily basis, with another quarter being updated weekly. Those frequent changes can create new security problems, if there isn't an application security framework in place that automatically refreshes the security along with the change in application behavior, O'Malley notes. Re-provisioning static web security with each application change is not cost-effective.
While the survey addresses large global enterprises, he stresses the fact that potentially devastating security breaches aren't limited to large companies. In fact, smaller operations with fewer IT resources may be more vulnerable, particularly if they are repositories of sensitive customer data.
"A lot of people think this is a Tier 1 problem, and it won't affect them," O'Malley comments, citing his favorite example of the local car dealership, with its treasure trove of customer data including driver's license numbers and financial information. "They don't realize that it is not a matter of your size in terms of revenue and number of employees, it's more about intellectual property and personal data."
The impacts can be devastating, with 52% of those surveyed saying customers asked for compensation following a breach, almost as many reporting major reputation loss and almost a quarter saying executives lost their jobs after a data breach.
To read more about this particular report, check out this story on our sister site, Light Reading. — Carol Wilson, Editor-at-Large, Light Reading
