Ninety-four of organizations surveyed by Salt Security said they had production API security
problems during the past 12 months, 20% of which noted experiencing API security gap-related data breaches, VentureBeat
More than 100 attacks have been attempted against 34% of Salt Security customers per month, 60% of which had more than 100 APIs, the survey showed. Moreover, personally identifiable information and other sensitive data have been exposed by 91% of APIs among Salt Security's customer base.
The findings indicate a need to transition from shift-left testing and security techniques to significantly more proactive API vulnerability identification and mitigation, according to Salt Security.
"If an organization is relying on shift-left capabilities alone, they put themselves at risk. At some level, customers seem to appreciate this difference. When asked which API security platform capabilities are highly important, stopping attacks came in at the top of the list, and shift-left practices was at the very bottom. The finding makes sense given the need to get safe now vs. protect future assets, but companies need to follow their own advice and get more proactive about API security," said Salt Security Vice President of Marketing Michelle McLean.