VentureBeat: Why API Security is a Fast-growing Threat to Data-driven Enterprises
On November 23, NetSPI Managing Director, Nabil Hannan, was featured in the VentureBeat article called Why API Security is a Fast-growing Threat to Data-driven Enterprises. Read the preview below or view it online.
+++
As data-driven enterprises rely heavily on their software application architecture, application programming interfaces (APIs) occupy a significant position. APIs have revolutionized the way web applications are used, as they aid communication pipelines between multiple services. Developers can integrate any modern technology with their architecture by using APIs, which is highly useful for adding features that a customer needs.
By nature, APIs are vulnerable to exposing application logic and sensitive data such as personally identifiable information (PII), which makes them an easy target for attackers. Often available over public networks (accessible from anywhere), APIs are typically well-documented and can be quickly reverse-engineered by malicious actors. They are also susceptible to denial of service (DDoS) incidents.
The most significant data leaks are due to faulty, vulnerable or hacked APIs, which can reveal medical, financial and personal data to the general public. In addition, various attacks can occur if an API is not secured correctly, making API security a vital aspect for data-driven businesses today.
The Future of API Security
“We’re most likely going to see a different software paradigm shift in the next five years that combines features from REST and SOAP security. I believe there will be a software development paradigm where features from each method are used to create a combined superior method,” Nabil Hannan, managing director at NetSPI, told VentureBeat. “This combination will take security out of the hands of the developers and allow for better ‘secure by design’ adoption.”
Hannan said that the concept of identity and authentication is changing, and we need to move away from usernames and passwords and two-factor authentication, which relies on humans not making any errors.
“The authentication workflow will shift to what companies like Apple are doing around identity management with innovations like the iOS16 keychain. This will be developed through APIs in the near future,” he said.
You can read the full article at VentureBeat!
Explore more News
Forbes: What Would Anubis Think Of Modern Day CEOs?
Forbes featured insights from NetSPI’s CEO, Aaron Shilts, on the CEO role. Read the article.
PC Gamer: This 3D printed laser chip-hacking device uses a $20 laser pointer, costs $500 to build, and was developed so that ‘people can do this in their homes’
Read the story of NetSPI's Sam Beaumont and Larry "Patch" Trowell created a laser hacking device (RayV Lite) that makes microchip exploitation easier.
WIRED: A $500 Open-Source Tool Lets Anyone Hack Computer Chips With Lasers
In an exclusive with WIRED, NetSPI’s Director of Transportation, Mobility, and Cyber Physical Systems, Sam Beaumont, and Director of Hardware and Embedded Systems, Larry “Patch” Trowell, explain a new laser hacking device they’ve created, RayV Lite. This device will be presented at Black Hat USA. Read the preview below or view it online. +++ IN […]