Brief:
APIs have become the primary target for attackers because they serve as a central access point to sensitive data and functionality. They are often over-permissioned, attacking them is often easier than mounting a traditional cyberattack, and a single vulnerability can expose millions of records.
- 83% of all internet traffic comes from APIs
- Since 2022, APIs have been the most common attack vector
- Direct access to sensitive data
- Lead to massive data breaches (examples):
  - Experian: Credit records exposed
  - Bumble: 100 million users exposed
  - LinkedIn: All user information harvested
  - Venmo: 200 million transactions exposed
- Over-permissioned
- Vulnerable to logic flaws
Classic cyberattack cycle:
Regulatory Compliance: Must balance three competing needs:
- Security
  - Web applications
  - Vulnerability testing
  - Rapid resolution
- Privacy
  - Protection of user data
- Accessibility
  - Make data sufficiently accessible
  - Information blocking penalties
Ubiquitous means "present, appearing, or found everywhere" or "existing or being everywhere at the same time." In the context of APIs, when we say they are ubiquitous, it means APIs are:
- Present everywhere in modern technology
- Used in almost all digital interactions
- Found across different types of applications and services
- Widespread and commonplace in our daily digital experiences