Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
APIs in Peril: API Attacks Increasing
March 13, 2024
The number and severity of API attacks and vulnerabilities are increasing according to the API ThreatStats™2024 Report from Wallarm — there was a 30% increase in API-related Common Vulnerabilities and Exposures (CVEs) and security bulletins in 2023 compared to 2022.
Additionally, malicious requests involving APIs that Wallarm blocked rose significantly from 54% in 2022 to 70% in 2023.
These attacks aren't going unnoticed by the public. Half of the top 20 most mentioned vulnerabilities in Google Searches are API-related, indicating growing public awareness and concern about API security.
"The growth in malicious API requests and rising public awareness of APIs in 2023 prove that API security is growing increasingly crucial for business leaders and cybersecurity professionals to prioritize in their digital security strategies," said Ivan Novikov, CEO of Wallarm.
Source: Wallarm
Injections and API leaks dominate top API security risks
Injections, which involve malicious data or code being inserted into an API that leads to unauthorized access and data breaches, nabbed the first spot on the "Top 10 API Security Risks for 2023" list.
Although a newer entry on the list, API leaks ranked fourth due to their potential for unrestrained disclosure of sensitive data, often through negligent methods. API leaks are often overlooked, as evidenced by their absence from the OWASP Top 10 threat list.
API security bugs rule the bounty game with 62% of rewards
In 2023, most bug bounties — ethical hackers that test and challenge major companies' security systems — were for API security: 62% of all bounty payments. Notably, API-related bounties are higher in value compared to other categories. The highest payout for an API bug was $15,000, three times larger than the highest non-API payout of $5,000.
Social media platform Snapchat had the highest bug bounty payout in 2023, signifying more major players see the importance of getting ahead of critical security flaws.
API security predictions for 2024 that demand immediate action
The report predicts there will be an intensified focus on emerging API data leaks as a significant risk in 2024, emphasizing the prevention of sensitive information breaches that include API keys and JWT tokens.
There will also be a shift towards adopting novel metrics for vulnerability triaging and an increased focus on addressing broken access control and authorization (BOLA) issues in API security strategies.
Industry News
December 19, 2024
December 19, 2024
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
December 18, 2024
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
December 18, 2024
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
December 17, 2024
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
December 17, 2024
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
December 17, 2024
Kindo formally launched its channel partner program.
December 16, 2024
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
December 16, 2024
Fastly announced the general availability of Fastly AI Accelerator.
December 12, 2024
Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
December 12, 2024
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
December 11, 2024
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
December 11, 2024
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
December 11, 2024
Grid Dynamics announced the launch of its developer portal.
December 10, 2024
LTIMindtree announced a strategic partnership with GitHub.
