
VentureBeat: Why API Security is a Fast-growing Threat to Data-driven Enterprises
On November 23, NetSPI Managing Director, Nabil Hannan, was featured in the VentureBeat article called Why API Security is a Fast-growing Threat to Data-driven Enterprises. Read the preview below or view it online.
+++
As data-driven enterprises rely heavily on their software application architecture, application programming interfaces (APIs) occupy a significant position. APIs have revolutionized the way web applications are used, as they aid communication pipelines between multiple services. Developers can integrate any modern technology with their architecture by using APIs, which is highly useful for adding features that a customer needs.
By nature, APIs are vulnerable to exposing application logic and sensitive data such as personally identifiable information (PII), which makes them an easy target for attackers. Often available over public networks (accessible from anywhere), APIs are typically well-documented and can be quickly reverse-engineered by malicious actors. They are also susceptible to denial of service (DDoS) incidents.
The most significant data leaks are due to faulty, vulnerable or hacked APIs, which can reveal medical, financial and personal data to the general public. In addition, various attacks can occur if an API is not secured correctly, making API security a vital aspect for data-driven businesses today.
The Future of API Security
“We’re most likely going to see a different software paradigm shift in the next five years that combines features from REST and SOAP security. I believe there will be a software development paradigm where features from each method are used to create a combined superior method,” Nabil Hannan, managing director at NetSPI, told VentureBeat. “This combination will take security out of the hands of the developers and allow for better ‘secure by design’ adoption.”
Hannan said that the concept of identity and authentication is changing, and we need to move away from usernames and passwords and two-factor authentication, which relies on humans not making any errors.
“The authentication workflow will shift to what companies like Apple are doing around identity management with innovations like the iOS16 keychain. This will be developed through APIs in the near future,” he said.
You can read the full article at VentureBeat!
Explore More News

NetSPI Named a 2025 USA TODAY Top Workplaces Award Winner
NetSPI earned a 2025 USA TODAY Top Workplaces award for the fourth year in a row for its cultural excellence, employee appreciation, and purpose and values.

Forbes: X Under Attack—Who Was Really Behind The Musk Platform Outages?
Forbes quoted NetSPI CTO, Tom Parker, in an article focusing on the attacks on X and the challenges of attributing them to specific threat actors.

Computer Weekly: Musk claims of Ukraine DDoS attack derided by cyber community
Computer Weekly quoted NetSPI CTO, Tom Parker, in an article focusing on the attack on X and a caution to preemptively assign blame.