A new report from Salt Security Inc. out today has found that the amount of attack traffic targeting application programming interfaces is growing at triple the rate of regular API traffic, among other concerning findings.

The Salt Labs State of API Security Report, Q3 2021 edition, based on six months of data, reveals significant challenges in addressing API security. The report found that API security topped the list of API program concerns, with very few respondents feeling confident they can identify and stop API attacks.

In the past six months, Salt found, using its customer data shows overall API traffic has increased 141% while API attack traffic grew 348% in the same time period. The finding is illustrates the security consequences of the rapid growth in API use driven by digital transformation and information technology modernization projects.

Analyzing the most common uses for APIs, the report found that 61% of survey respondents use APIs for platform or system integrations, 52% use them to drive digital transformation and 47% use them to standardize or improve the efficiency of application and software development. However, all suffered issues, with 64% of respondents delaying application rollouts as a result of API security concerns.

Of potential concerns respondents might have about their API programs, pre-production security was the leading response at 26%, followed by concerns about the program not adequately addressing runtime security at 20%. Not driving enough observability and control rounded out the top three responses at 14%.

Nearly half of respondents said they try to identify API attackers via their WAF or API gateway, while 12% admit they have no way to identify an API attacker. Some 62% of organizations were found to have no strategy or just a basic one in place for API security.

“APIs remain one of the most vulnerable elements of any organization’s application or software stack,” said Roey Eliyahu, co-founder and chief executive officer of Salt Security. “Anecdotally, we know we find critical security vulnerabilities in the APIs of 90% of the prospects we support. This report quantifies those anecdotal findings, highlighting the API security risks companies are living with every day.”

Image: Salt Security