Attack of the zombie APIs

Fans of the hit comic and TV series The Walking Dead might be pleased to see plenty of spinoff shows planned, despite the original series ending. As thrilling as it is to see hordes of zombies wreaking havoc on the last lines of defense of the human race, I can’t say the same sentiment is particularly appealing when discussing APIs.


The State of API Security Q1 2023 report from Salt Labs paints a grim picture of the climate surrounding API security in most enterprises, with “zombie APIs” a key factor in API-related attacks surging by 400% compared to the previous six-month period. This is a direct consequence of widespread API use: every API an organization exposes is attack surface, and one nobody is maintaining is attack surface nobody is watching. It’s the new paydirt, the low-hanging fruit for attackers looking for quick wins that could pay off big time.


But let’s get back to zombies.


What is a zombie API, and why should they scare us?


Most companies have multiple business cases that necessitate the use of APIs, with software integrations essential to increasingly dispersed workforces. What is less widely known is the sheer scale: the average organization has over 15,000 APIs in place – and if we’re talking large enterprises, make that over 25,000.


Having an API in place, though, is quite different from it being in active use. Often, once the project or use case that justified its existence has concluded, the API is forgotten and left running in the background. That would be harmless, except that APIs are by design configured to be very chatty with other applications and are often left wide open - from an au ..
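The practical way to find the forgotten endpoints described above is to reconcile what you believe is deployed against what actually receives traffic. The script below is an added example, not code from the article or from Salt Labs: it takes a constructed route inventory (the kind you would pull from a gateway config or OpenAPI spec) and a few constructed combined-format access-log lines, then reports documented routes with no traffic in the last 90 days (zombie candidates) and requests to paths no one documented (shadow APIs). The inventory, log lines, log format and 90-day threshold are all assumptions chosen for illustration.

```python
"""Flag zombie (documented, unused) and shadow (used, undocumented) API routes.

Added example with constructed data; not from any real system.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed inventory: (method, path template, owning team). Assumed to come
# from a gateway config or OpenAPI spec in a real deployment.
INVENTORY = [
    ("GET", "/v2/orders/{id}", "orders-team"),
    ("POST", "/v2/orders", "orders-team"),
    ("GET", "/v1/orders/{id}", "orders-team"),  # legacy version never retired
    ("POST", "/internal/export/customers", "bi-pilot"),  # project ended
]

# Constructed access-log lines in combined-log style (IP, timestamp, request).
LOG_LINES = [
    '203.0.113.7 - - [02/Mar/2023:10:00:01 +0000] "GET /v2/orders/1001 HTTP/1.1" 200 512',
    '203.0.113.8 - - [02/Mar/2023:10:00:05 +0000] "POST /v2/orders HTTP/1.1" 201 88',
    '198.51.100.4 - - [14/Nov/2022:08:12:44 +0000] "GET /v1/orders/77 HTTP/1.1" 200 430',
    '198.51.100.9 - - [01/Mar/2023:23:59:59 +0000] "GET /debug/dump-config HTTP/1.1" 200 9021',
    "garbage line that should be skipped",
]

# Assumed "now" so the example is reproducible offline.
NOW = datetime(2023, 3, 2, 12, 0, tzinfo=timezone.utc)

LOG_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')


def template_to_regex(template):
    """Turn '/v2/orders/{id}' into a regex matching one concrete path segment per {param}."""
    parts = re.split(r"(\{[^}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "$")


def parse_log(lines):
    """Yield (method, path-without-query, aware datetime); silently skip unparseable lines."""
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        yield m.group("method"), m.group("path").split("?", 1)[0], ts


def reconcile(inventory, lines, now, stale_after=timedelta(days=90)):
    """Return (zombies, shadow).

    zombies: list of (method, template, owner, last_seen) for documented routes
             never seen or not seen within stale_after.
    shadow:  sorted list of (method, path) seen in traffic but matching no template.
    """
    compiled = [(m, t, o, template_to_regex(t)) for m, t, o in inventory]
    last_seen = {(m, t): None for m, t, _ in inventory}
    shadow = set()

    for method, path, ts in parse_log(lines):
        for meth, tmpl, _owner, rx in compiled:
            if meth == method and rx.match(path):
                key = (meth, tmpl)
                if last_seen[key] is None or ts > last_seen[key]:
                    last_seen[key] = ts
                break
        else:  # no template matched: undocumented endpoint is answering requests
            shadow.add((method, path))

    zombies = []
    for meth, tmpl, owner in inventory:
        seen = last_seen[(meth, tmpl)]
        if seen is None or now - seen > stale_after:
            zombies.append((meth, tmpl, owner, seen))
    return zombies, sorted(shadow)


def run_example():
    """Run the reconciliation on the constructed data and return its findings."""
    return reconcile(INVENTORY, LOG_LINES, NOW)


if __name__ == "__main__":
    zombies, shadow = run_example()
    print("Zombie candidates (documented, no traffic in 90 days):")
    for meth, tmpl, owner, seen in zombies:
        print(f"  {meth} {tmpl}  owner={owner}  last_seen={seen or 'never'}")
    print("Shadow endpoints (traffic, but undocumented):")
    for meth, path in shadow:
        print(f"  {meth} {path}")
```

On the constructed data, the legacy v1 order lookup (last hit in November 2022) and the finished BI export job surface as zombie candidates, while the undocumented debug endpoint that is still serving 200s surfaces as a shadow API. In practice the inventory would be exported from the gateway and the logs read from your log store, and the stale window tuned to the service's normal usage cadence; a zombie finding is a prompt to confirm ownership and retire the route, not proof it is exploitable.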
