We live in a world of cloud computing, mobile devices and microservices. Nearly every application we interact with is powered by APIs, often many, especially when dealing with the leading cloud service providers (CSPs), mobile applications and microservice environments. This makes APIs a critical part of an organization’s attack surface.
Akamai estimates that roughly 83% of internet traffic is API-based. Other studies such as those from Salt Security state that API attacks increased over 600% from 2021 to 2022, and Gartner predicts that 90% of web-enabled applications will have broader attack surfaces due to exposed API’s. The latest study from Imperva claims that vulnerable APIs are costing organizations between $40 and $70 billion annually.