Highlights:

  • The rise in the number of mobile apps has also increased the requirement for greater transparency and visibility over APIs.
  • 51% of respondents stated that APIs account for more than half of the development work in their firms.

API security is the most challenging area for many security teams. So many apps and services rely on APIs in today’s more remote, modern work environments that analysts find it difficult to find and safeguard them.

API provider Postman released its 2022 State of the API Report, for which it polled more than 37,000 developers and API experts. The report found that 20% of respondents say that their firms experience API security issues or breaches at least once per month. Meanwhile, 51% of respondents stated that APIs account for more than half of the development work in their firms.

The report’s results indicate that if enterprises want to prevent incursions and lessen the likelihood of data breaches, they may need to take a higher-level strategy to detect and safeguard APIs.

What makes API security difficult?

In the fight to secure APIs, it’s not just the scale of apps and services that poses problems. To address issues at the API level, many organizations still rely on less-than-optimal application security techniques. Given the speed at which modern enterprise settings operate, organizations require solutions that can automatically find and categorize APIs at scale if they wish to assess their risk posture accurately.

According to one Gartner API security report, “many API breaches have one thing in common: the breached organization didn’t know about their unsecured API until it was too late. This is why the first step in API security is to discover the APIs which your organization is delivering or which it consumes from third parties.”

Postman’s latest study seems to support this viewpoint. “Companies that experience more API security incidents are probably using public or shadow APIs that aren’t as secure as other websites,” said Abhinav Asthana, CEO of Postman. “They probably have more legacy components in their ecosystem and might not fully comprehend the scope of their complete API landscape.”

A rise in the number of mobile apps has also increased the need for greater transparency and visibility over APIs.

“Many mobile apps have a number of backend APIs used to support it, and they are often overlooked. Attackers have been abusing these backend mobile APIs for quite some time because they are often not secured and provide much more valuable content. You can’t protect what you don’t know about,” Asthana said.

Market for API Security

Salt Security is one of the crucial participants in the API security business. Its solution can offer testing for APIs in pre-production. The solution makes use of an API context engine (ACE) that can find new APIs and vulnerabilities.

Another competitor is Noname Security, which offers an API security platform with automated detection and response capabilities to find API flaws and misconfigurations.

The market for API management is predicted to grow from USD 4.5 billion in 2022 to USD 13.7 billion in 2027 as more businesses try to protect increasingly complicated decentralized work environments.