In part one, we learned that web APIs (application programming interfaces) provide a way for app developers to “call” information from outside sources into the applications they build. The example we gave was a travel app, which uses web API calls to pull in availability and pricing information from various hotel, airline, cruise line, tour, car rental, and other companies.

APIs benefit app developers by simplifying the coding process and granting them access to a wealth of data and resources they would not otherwise be able to access. APIs also benefit providers, who are able to create new revenue streams by making valuable data and services available to developers, usually for a fee. And ultimately, APIs benefit consumers, who appreciate (and drive demand for) innovative, feature-rich, interactive apps that provide many services all in one app.

Understanding the Potential Risks of APIs

The downside of publicly available web APIs is that they can potentially pose great risk to API providers. By design, APIs give outsiders access to your data: behind every API, there is an endpoint, the server (and its supporting databases) that responds to API requests (see Figure 1).

In terms of potential vulnerability, an API endpoint is similar to any Internet-facing web server: the more free and open access the public has to a resource, the greater the potential threat from malicious actors. (A vulnerability is an inherent weakness in a system (hardware or software) that an attacker can potentially exploit. Vulnerabilities exist in every system; “zero-day” vulnerabilities are those that have not yet been discovered.) The difference is that many websites at least employ some type of access control, requiring authorized users to log in. One problem with some APIs, as we’ll see shortly, is that they provide weak access control and, in some cases, none at all.

With APIs becoming foundational to modern app development, the attack surface (Attack surface refers to all entry points through which an attacker could potentially gain unauthorized access to a network or system to extract or enter data or to carry out other malicious activities.) Gartner estimates that “by 2022, API abuses will move from infrequent to the most frequent attack vector, resulting in data breaches for enterprise web applications.” [1] (An attack vector is the path available and means by which an attacker can gain unauthorized access to a network, system, program, application, or device for malicious purposes.)

In the worst case, it’s not just your data that is potentially at risk but also your infrastructure. By exploiting a vulnerable API, attackers can gain access to your network using one kind of attack. If they’re able to escalate privileges, they can then pivot to other types of attacks and gain a foothold in the network. The right attack, often a multi-level attack, could potentially lead to your organization’s most sensitive data being compromised, whether it’s personally identifiable information (PII) or intellectual property (IP).