JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
APIs in Peril: API Attacks Increasing
March 13, 2024
The number and severity of API attacks and vulnerabilities are increasing according to the API ThreatStats™2024 Report from Wallarm — there was a 30% increase in API-related Common Vulnerabilities and Exposures (CVEs) and security bulletins in 2023 compared to 2022.
Additionally, malicious requests involving APIs that Wallarm blocked rose significantly from 54% in 2022 to 70% in 2023.
These attacks aren't going unnoticed by the public. Half of the top 20 most mentioned vulnerabilities in Google Searches are API-related, indicating growing public awareness and concern about API security.
"The growth in malicious API requests and rising public awareness of APIs in 2023 prove that API security is growing increasingly crucial for business leaders and cybersecurity professionals to prioritize in their digital security strategies," said Ivan Novikov, CEO of Wallarm.
Source: Wallarm
Injections and API leaks dominate top API security risks
Injections, which involve malicious data or code being inserted into an API that leads to unauthorized access and data breaches, nabbed the first spot on the "Top 10 API Security Risks for 2023" list.
Although a newer entry on the list, API leaks ranked fourth due to their potential for unrestrained disclosure of sensitive data, often through negligent methods. API leaks are often overlooked, as evidenced by their absence from the OWASP Top 10 threat list.
API security bugs rule the bounty game with 62% of rewards
In 2023, most bug bounties — ethical hackers that test and challenge major companies' security systems — were for API security: 62% of all bounty payments. Notably, API-related bounties are higher in value compared to other categories. The highest payout for an API bug was $15,000, three times larger than the highest non-API payout of $5,000.
Social media platform Snapchat had the highest bug bounty payout in 2023, signifying more major players see the importance of getting ahead of critical security flaws.
API security predictions for 2024 that demand immediate action
The report predicts there will be an intensified focus on emerging API data leaks as a significant risk in 2024, emphasizing the prevention of sensitive information breaches that include API keys and JWT tokens.
There will also be a shift towards adopting novel metrics for vulnerability triaging and an increased focus on addressing broken access control and authorization (BOLA) issues in API security strategies.
Industry News
April 25, 2024
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.
April 25, 2024
SmartBear has added no-code test automation powered by GenAI to its Zephyr Scale, the solution that delivers scalable, performant test management inside Jira.
April 24, 2024
Opsera announced that two new patents have been issued for its Unified DevOps Platform, now totaling nine patents issued for the cloud-native DevOps Platform.
April 23, 2024
mabl announced the addition of mobile application testing to its platform.
April 23, 2024
Spectro Cloud announced the achievement of a new Amazon Web Services (AWS) Competency designation.
April 22, 2024
GitLab announced the general availability of GitLab Duo Chat.
April 18, 2024
SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
April 18, 2024
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
April 18, 2024
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
April 17, 2024
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
April 17, 2024
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
April 17, 2024
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
April 16, 2024
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
April 16, 2024
Pegasystems announced the general availability of Pega Infinity ’24.1™.
