
VentureBeat: Why API Security is a Fast-growing Threat to Data-driven Enterprises
On November 23, NetSPI Managing Director, Nabil Hannan, was featured in the VentureBeat article called Why API Security is a Fast-growing Threat to Data-driven Enterprises. Read the preview below or view it online.
+++
As data-driven enterprises rely heavily on their software application architecture, application programming interfaces (APIs) occupy a significant position. APIs have revolutionized the way web applications are used, as they aid communication pipelines between multiple services. Developers can integrate any modern technology with their architecture by using APIs, which is highly useful for adding features that a customer needs.
By nature, APIs are vulnerable to exposing application logic and sensitive data such as personally identifiable information (PII), which makes them an easy target for attackers. Often available over public networks (accessible from anywhere), APIs are typically well-documented and can be quickly reverse-engineered by malicious actors. They are also susceptible to denial of service (DDoS) incidents.
The most significant data leaks are due to faulty, vulnerable or hacked APIs, which can reveal medical, financial and personal data to the general public. In addition, various attacks can occur if an API is not secured correctly, making API security a vital aspect for data-driven businesses today.
The Future of API Security
“We’re most likely going to see a different software paradigm shift in the next five years that combines features from REST and SOAP security. I believe there will be a software development paradigm where features from each method are used to create a combined superior method,” Nabil Hannan, managing director at NetSPI, told VentureBeat. “This combination will take security out of the hands of the developers and allow for better ‘secure by design’ adoption.”
Hannan said that the concept of identity and authentication is changing, and we need to move away from usernames and passwords and two-factor authentication, which relies on humans not making any errors.
“The authentication workflow will shift to what companies like Apple are doing around identity management with innovations like the iOS16 keychain. This will be developed through APIs in the near future,” he said.
You can read the full article at VentureBeat!
Explore More News

The Wall Street Journal: Public Officials Separate Workplace and Personal Online Lives. Hackers Don’t Care.
NetSPI Field CISO Nabil Hannan was featured in The Wall Street Journal's article covering the need for secure practices when using apps for both personal and professional activities.

NetSPI’s All-in-One Cyber Platform Brings Speed and Scale to Proactive Security
NetSPI's Platform wins 2025 Cybersecurity Excellence Award in Security Platform category, highlighting its innovative approach to exposure management.

Media Alert: NetSPI Wins 2025 Cybersecurity Excellence Award in the Security Platform Category
NetSPI's Platform wins 2025 Cybersecurity Excellence Award in Security Platform category, highlighting its innovative approach to exposure management.