Pegasystems announced the general availability of Pega Infinity ’24.1™.
Widespread API Use Heightens Cybersecurity Risks
February 05, 2018
IT professionals show a heightened concern for cybersecurity risk related to API use, according to a new survey conducted by Imperva.
Specifically, 63 percent of respondents are most worried about DDoS threats, bot attacks, and authentication enforcement for APIs.
APIs power the interactive digital experiences users love and are fundamental to an organization’s digital transformation. However, they also provide a window into an application that presents a heightened cybersecurity risk. The survey shows that more than two-thirds (69 percent) of organizations are exposing APIs to the public and their partners and that organizations are on average managing 363 different APIs.
Public-facing APIs are a key security concern because they are a direct vector to the sensitive data behind applications. 80 percent of organizations use a public cloud service to protect the data behind their APIs with most people using the combination of API gateways (63.2 percent) and web application firewalls (63.2 percent).
“APIs represent a growing security risk because they expose multiple avenues for hackers to try to access a company’s data,” said Terry Ray, CTO for Imperva. “To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.”
92 percent of IT professionals believe that DevSecOps, the combination of development, security and operations, will play a part in the future of application development. This highlights an increased desire from many organizations for security to be built in from the very beginning of software development rather than as an after-thought.
“It is very encouraging that the majority of respondents to our survey expect DevSecOps to be involved in the future of application development. Cybercrime is pervasive, and it is vital that organizations keep their applications safe from hackers. Embracing DevSecOps provides organizations with the building blocks needed for defense against some of the most serious cybersecurity threats,” Ray concluded.
Industry News
May 16, 2024
Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.
May 16, 2024
GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.
May 16, 2024
Kobiton announced the beta release of mobile test management, a new feature within its test automation platform.
May 15, 2024
Gearset announced its new CI/CD solution, Long Term Projects in Pipelines.
May 15, 2024
Rafay Systems has extended the capabilities of its enterprise PaaS for modern infrastructure to support graphics processing unit- (GPU-) based workloads.
May 15, 2024
NodeScript, a free, low-code developer environment for workflow automation and API integration, is released by UBIO.
May 14, 2024
IBM announced IBM Test Accelerator for Z, a solution designed to revolutionize testing on IBM Z, a tool that expedites the shift-left approach, fostering smooth collaboration between z/OS developers and testers.
May 14, 2024
StreamNative launched Ursa, a Kafka-compatible data streaming engine built on top of lakehouse storage.
May 14, 2024
GitKraken acquired code health innovator, CodeSee.
May 13, 2024
ServiceNow introduced a new no‑code development studio and new automation capabilities to accelerate and scale digital transformation across the enterprise.
May 13, 2024
Security Innovation has added new skills assessments to its Base Camp training platform for software security training.
May 13, 2024
CAST introduced CAST Highlight Extensions Marketplace — an integrated marketplace for the software intelligence product where users can effortlessly browse and download a diverse range of extensions and plugins.
May 09, 2024
Red Hat and Elastic announced an expanded collaboration to deliver next-generation search experiences supporting retrieval augmented generation (RAG) patterns using Elasticsearch as a preferred vector database solution integrated on Red Hat OpenShift AI.
May 09, 2024
Traceable AI announced an Early Access Program for its new Generative AI API Security capabilities.
