API security awareness has not been an area of emphasis in the application developer community
Boston, MA (Aug. 5, 2020) – API hacking does not require the advanced capabilities of a nation-state; even relatively inexperienced attackers can use basic tools to discover and exploit API traffic to perform credential stuffing attacks, exfiltrate databases, change account values, or conduct denial of service attacks on critical applications. This report identifies seven core competencies essential to security API development, deployment, and management, and provides recommendations for FIs, fintech companies, and InsurTech companies to improve their API security methods.
Aite Group conducted teleconference interviews with 53 application developers and security professionals representing 31 FIs and fintech and InsurTech companies in North America, Europe, and India between mid-May and mid-July 2020. Interviews focused on current practices related to creating, testing, publishing, and maintaining internal and external APIs. This report also examines specific security training practices for developers and company processes associated with reporting API security issues.
This 23-page Impact Report contains 14 figures and four tables. Clients of Aite Group’s Cybersecurity service can download this report, the corresponding charts, and the Executive Impact Deck.
Click here for the online summary or to download the table of contents.
This report mentions the API Academy, the Open Web Application Security Project (OWASP), and Smartbear.
About Aite Group
Aite Group is a global research and advisory firm delivering comprehensive, actionable advice on business, technology, and regulatory issues and their impact on the financial services industry. With expertise in banking, payments, insurance, wealth management, and the capital markets, we guide financial institutions, technology providers, and consulting firms worldwide. We partner with our clients, revealing their blind spots and delivering insights to make their businesses smarter and stronger. Visit us at www.aitegroup.com.
Source: Aite GroupTags: Aite Group, API, best practices, cyber security, InsurTech