From Convenience to Vulnerability: The Dual Role of APIs in Modern Services
February 24, 2025

Eric Schwake
Salt Security

The world of online services has revolutionized daily life, enabling tasks like grocery shopping and booking travel to be completed via mobile apps. Google Cloud's State of API Economy report found that more than 50% of retailers indicated that APIs accelerate innovation, and 36% indicated that APIs are a strategic asset that can create business value.

This functionality not only benefits end-users but also facilitates interactions between various services, creating a vast API ecosystem. This interconnectedness means that a single API can be used by multiple services, creating a complex web of dependencies. While this enhances the overall user experience and provides businesses with greater flexibility and efficiency, it also opens up new avenues for security gaps and unseen vulnerabilities within the API supply chain.

Increasing Reliance on APIs

In the 2024 Gartner API Strategy survey, 82% of respondents reported that their organizations use APIs internally, while 71% also use APIs provided by third parties, such as SaaS vendors. Today, the average organization manages over 1,000 APIs, according to Treblle's Anatomy of an API report. This growth is mirrored by a 61% increase in the number of developers using APIs in recent years. Postman's 2023 State of the API Report also indicated a growing trend of non-developers, including chief technology officers, managers, and directors, using APIs more frequently.

OWASP's API Security Top 10 list highlights these rising risks, issuing a stark warning about the growing threats targeting APIs. Akamai's 2024 State of the Internet report revealed that APIs were the point of entry for 44.2% of web attacks aimed at commerce organizations and 31.8% of attacks against business services, validating the concerns raised by OWASP and demonstrating the urgent need to address API security risks.

Driving Innovation and Risk

APIs are specifically designed to share a company's most valuable data and services, making them an attractive target for malicious actors. In January 2024, an exposed Trello API compromised data of over 15 million users: an unauthenticated endpoint let an attacker feed in a list of private email addresses and link each one to its Trello account. Later that year, Dell experienced a breach affecting 49 million customer records due to an API vulnerability, where an attacker registered fake partner accounts and used a partner portal API to scrape the records in bulk.
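Both incidents above share one pattern: an endpoint that answers a lookup for any caller (or for any self-registered caller) without a throttle, so a leaked address list or a simple enumeration turns into a bulk extraction of account data. The following Python is an added illustration written for this page; it is not code from Trello, Dell, Salt Security, or the author. It simulates the vulnerable "find a member by email" endpoint beside a hardened version that requires a credential, rate-limits each caller, and answers identically whether or not the address has an account. The user store, the API key `k_partner_1`, and the limit of 5 requests per 60-second window are all constructed values for the example.

```python
import time
from collections import defaultdict

# Constructed toy user store (fictional addresses); stands in for the account
# database behind a "find a member by e-mail" endpoint.
USERS = {
    "alice@example.com": {"username": "alice_w", "full_name": "Alice W."},
    "bob@example.com": {"username": "bobbyb", "full_name": "Bob B."},
}


# ---- Vulnerable pattern: unauthenticated lookup that confirms account existence ----
def lookup_vulnerable(email):
    """No credential, no throttle; a hit returns profile data, a miss returns 404.
    The status code alone tells the caller whether the address has an account."""
    user = USERS.get(email)
    if user is None:
        return {"status": 404}
    return {"status": 200, "username": user["username"], "full_name": user["full_name"]}


def link_addresses(lookup, leaked_emails):
    """What an attacker holding a leaked address list does: every 200 response ties a
    real person to an account username. Returns the mapping they would collect."""
    linked = {}
    for email in leaked_emails:
        resp = lookup(email)
        if resp["status"] == 200:
            linked[email] = resp["username"]
    return linked


# ---- Hardened pattern: authenticate, throttle, and remove the existence oracle ----
VALID_API_KEYS = {"k_partner_1"}  # hypothetical per-caller credentials
RATE_LIMIT = 5                    # hypothetical: lookups per caller per window
WINDOW_SECONDS = 60
_calls = defaultdict(list)        # api_key -> timestamps of recent lookups


def reset_rate_limits():
    _calls.clear()


def _over_limit(caller, now):
    """Sliding-window counter per caller; True once the caller has used its quota."""
    recent = [t for t in _calls[caller] if now - t < WINDOW_SECONDS]
    _calls[caller] = recent
    if len(recent) >= RATE_LIMIT:
        return True
    recent.append(now)
    return False


def lookup_hardened(email, api_key, now=None):
    """Requires a credential, throttles each caller, and answers identically whether or
    not the address exists: the legitimate use case (inviting a member) is served by
    notifying the address out of band rather than by returning profile data."""
    now = time.time() if now is None else now
    if api_key not in VALID_API_KEYS:
        return {"status": 401}
    if _over_limit(api_key, now):
        return {"status": 429}
    # The side effect (e.g. queueing an invitation e-mail) would go here; nothing
    # about USERS is reflected in the response, so a miss and a hit look the same.
    return {"status": 202, "message": "If this address has an account, its owner will be notified."}


def hardened_trace(emails, api_key):
    """Replays the lookups one second apart from a clean slate; returns the statuses."""
    reset_rate_limits()
    return [lookup_hardened(e, api_key, now=i)["status"] for i, e in enumerate(emails)]


if __name__ == "__main__":
    leaked = ["alice@example.com", "nobody@example.com", "bob@example.com"]
    print("vulnerable endpoint leaks:", link_addresses(lookup_vulnerable, leaked))
    print("hardened endpoint statuses:", hardened_trace(leaked * 3, "k_partner_1"))
```

The hardened version removes the oracle at the design level rather than only slowing it down: a credential alone would not have stopped the Dell-style attacker, who could register accounts, so the per-caller throttle and the identical response for hits and misses do the real work. In production the throttle would live in the gateway and the 429s would feed detection, since a partner sending thousands of lookups per minute is the signal worth alerting on.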

Recently, a vulnerability not known to have been exploited in the wild was discovered within a popular travel service that could have enabled attackers to take over victim accounts with a single click. Such an attack is called an "API supply chain attack": the attacker targets a weaker link in the service's API ecosystem rather than the main service itself. Although the takeover would have occurred within the integrated third-party service, it likely would have given attackers full access to the user's personally identifiable information (PII) from the main account, including all mileage and rewards data. Beyond data exposure, attackers could have performed actions on behalf of the user, such as creating orders or modifying account details. This risk highlights the exposure created by third-party integrations and the importance of stringent security controls to protect users from unauthorized account access and manipulation.

Vigilance, governance, and explicit control of APIs are essential for safeguarding against security gaps and vulnerabilities within API ecosystems. Organizations must prioritize investing in tools and processes that support the entire API lifecycle: identifying and cataloging every API in use, including third-party ones, so that nothing is exposed without the security team knowing it exists; continuously assessing and improving the security posture of those APIs; and implementing runtime controls that detect and respond to threats targeting them. By adopting a holistic approach to API management, organizations can effectively mitigate risks and enhance the security of their ecosystems.

While APIs have become a prime target for malicious actors due to their widespread use and critical role in modern applications, the landscape of defense mechanisms is evolving rapidly. Organizations around the world now have access to an unprecedented array of tools, research, and information designed to bolster their security posture. Additionally, ongoing research in the field is uncovering new vulnerabilities and attack vectors, enabling security professionals to stay ahead of potential threats. This wealth of resources empowers organizations to implement more effective security strategies, ensuring the integrity and confidentiality of their API-driven services.

Eric Schwake is Director of Cybersecurity Strategy at Salt Security