Digital transformation has resulted into an API-first economy where every organization is integrating deeper with customers, partners & suppliers. APIs are the gateways powering this integration. As per a Kong report in 2023, APIs will have a projected global economic impact of $14.2 trillion by 2027 – that’s more than the GDP of the UK, Japan, France, and Australia combined. As APIs drive growth, every organization will need to implement robust security systems in place for their APIs.

The Payment Card Industry Data Security Council created PCI DSS as the global standard for protecting payment data. The PCI DSS is the compliance stick to which entities that transmit, store, handle, or accept credit card data of any size must adhere. Recently, PCI DSS came up with version 4.0. In this blog, we delve deeper into the new version and explain why securing APIs is critical for PCI DSS compliance and how organizations can do so.

The Gartner research paper “What You Need to Do to Protect Your APIs” outlines key requirements for bolstering API security measures. In this blog post, we’ll delve deeper into these requirements as introduced by Gartner, explain their significance, and demonstrate how AppSentinels offers comprehensive solutions for each requirement. As per Gartner, the second step is to assess the security of these APIs.

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about Insecure Direct Object Reference (IDOR) vulnerabilities.

Back in 2019, OWASP released its first API Top-10 list. It quickly gained widespread acceptance and acknowledgment from the industry about the challenges faced in protecting APIs. Since then, growth in APIs has continued, and the threat landscape also evolved rapidly. OWASP has released an updated API Top 10 2023 with quite a few changes from 2019 to address the changes and provide new insights and recommendations.

APIs were already ubiquitous in driving modern applications. However, the pandemic has further accelerated growth in innovation and expansion of digital services, making APIs even more widespread. In today’s world, rapid innovation would not be possible without secure APIs. Attacks on APIs are increasing exponentially. Gartner suggests API abuses are the most significant attack vector since 2022. Hence securing APIs is more critical than ever in the past.

Application Programming Interfaces (APIs) are the connecting tissue that enables the communication between applications, internal and external, and facilitate data exchange on a massive scale. In a world where information is the crown jewel of an organization, APIs are driving the delivery of digital services to customers and partners. While their usage is already exploding, the growing popularity of cloud-native technologies and microservices has only accelerated API adoption.

APIs are everywhere, enabling businesses to maximize business value. From digital transformation and application modernization to cloud migration and microservices, API-first app architectures are finding their way into every technology touchpoint, giving rise to API sprawl. Consequently, most DevOps and security teams are uncertain about all the active and exposed APIs, and are lacking proper strategies to manage API sprawl.

Application Programming Interfaces (APIs) are the building blocks of modern-day applications. This software-to-software interface enables seamless collaboration and communication between applications and consumers. APIs power SaaS and cloud apps, mobile apps, micro-services, serverless functions, IoTs and even no-code frameworks.

Before we delve into the reasons behind Optus breach, let’s see the chronology of events. According to various reports, Optus customer data was accessed via an API interface that was not secure. Apart from unauthenticated API, there was another serious issue related to easily enumerated ID’s (identifiers). These are foundational controls that were found lacking in the API implementation..