Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

APIs power today’s digital economy and enable organizations to succeed in their business innovation efforts. Because every company’s APIs are unique, so are its security gaps, which bad actors will inevitably try to exploit. Only through rich context and deep behavioral analysis can these attackers be stopped. Many of the APIs that enable today’s applications and business services live and breathe within the Amazon Web Service (AWS) ecosystem.

The Open Web Application Security Project (OWASP) is a non-profit foundation devoted to web application security. One of OWASP's guiding principles is that all of their resources should be freely available and simple to find on their website, enabling anyone to increase the security of their own web applications. They provide forums, tools, videos, and documentation among other things.

APIs were already ubiquitous in driving modern applications. However, the pandemic has further accelerated growth in innovation and expansion of digital services, making APIs even more widespread. In today’s world, rapid innovation would not be possible without secure APIs. Attacks on APIs are increasing exponentially. Gartner suggests API abuses are the most significant attack vector since 2022. Hence securing APIs is more critical than ever in the past.

The digital world has brought advancements in all sorts of life. The applications communicate with each other over the internet to deliver effective service. API is an application language that interacts with the application server to extract the client’s intended information and produce it readable. It is estimated that the global API market will reach about 13.7 billion US dollars by 2027. This user-friendly software makes the business organization widely adopt it to enhance their growth.

Since a lot of our customers build and run their applications in AWS, our partnership and joint solution delivery with AWS provides enormous value. We’re excited to share that we’ve deepened our ties to AWS in two compelling ways, by achieving AWS WAF Ready Status and earning AWS Security Competency. Salt is the first and only API security company in both of these vital AWS programs.

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month.

Security misconfigurations are very common security risks, not just in web applications but also in APIs. They have been consistently part of the OWASP Top 10 Web Application Vulnerabilities. They were part of the original OWASP Top 10 API Security Risks published in 2019 and have now made it to the updated 2023 list. Security misconfiguration maintains its 7th rank in OWASP Top 10 API 2023RC owing to its widespread prevalence, easy exploitability, and easy detectability.

We have smashing news to share! Salt Security has been named Cybersecurity Solution of the Year in the Prestigious National Technology Awards – our first award in the UK and a brilliant recognition! Organized by National Technology News, the National Technology Awards celebrate the pioneers of technology and encourage excellence, providing the most comprehensive celebration of technology of the year.

This post is the second in a series describing OAuth implementation issues that put companies at risk. We create these posts to share rich technical details, drawn from real-world use cases, to educate the broader industry on the nature of these errors, their potential impact, and how to avoid them to better protect API ecosystems.