All eyes on APIs: Top 3 API security risks and how to mitigate them

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="https://www.welivesecurity.com/2023/06/01/top-3-api-security-risks-mitigate/">
<title>All eyes on APIs: Top 3 API security risks and how to mitigate them</title>
<meta content="All eyes on APIs: Top 3 API security risks and how to mitigate them" property="og:title">
<meta content="https://web-assets.esetstatic.com/wls/2023/06/api-software-cybersecurity-risks.jpg" property="og:image">
<meta content="As APIs are a favorite target for bad actors, the challenge of securing this glue that holds various software elements together is increasingly urgent." property="og:description">
<meta content="https://www.welivesecurity.com/2023/06/01/top-3-api-security-risks-mitigate/" property="og:url">
<meta content="article" property="og:type">
<meta name="robots" content="index, follow, max-image-preview:large, max-video-preview:-1">
<meta name="description" content="As APIs are a favorite target for bad actors, the challenge of securing this glue that holds various software elements together is increasingly urgent.">
<meta name="twitter:title" content="All eyes on APIs: Top 3 API security risks and how to mitigate them">
<meta name="twitter:description" content="As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency">
<meta name="twitter:image" content="https://web-assets.esetstatic.com/wls/2023/06/api-software-cybersecurity-risks.jpg">
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="@welivesecurity">
<meta name="twitter:creator" content="@welivesecurity">
<meta name="twitter:url" content="https://www.welivesecurity.com/2023/06/01/top-3-api-security-risks-mitigate/">
<!-- Styles -->
<link rel="stylesheet" href="https://www.welivesecurity.com/build/assets/app-e06bb18e.css" />
</head>
<body>
<div id="app" >
<!-- main content -->
<div id="main"> <div class="container article-page py-5"> <div class="row"> <div class="col col-lg-8 pe-lg-0"> <div class="article-header">
<div class="article-tags mb-2 dark big"><p class="article-tag text-capitalize">Secure Coding</p></div>
<h1 class="page-headline">All eyes on APIs: Top 3 API security risks and how to mitigate them</h1>
<p class="sub-title">As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency</p>
<div class="article-authors d-flex flex-wrap"><div class="article-author d-flex"><a href="/en/our-experts/phil-muncaster/" title="Phil Muncaster"><picture><source srcset="https://web-assets.esetstatic.com/tn/-x45/wls/2021/04/Phil_Muncaster.jpg" media="(max-width: 768px)" /><img class="author-image me-3" src="https://web-assets.esetstatic.com/tn/-x45/wls/2021/04/Phil_Muncaster.jpg" alt="Phil Muncaster" /></picture></a><div class="author-text"><p><a href="/en/our-experts/phil-muncaster/" title="Phil Muncaster"><b>Phil Muncaster</b></a></p></div></div></div>
<p class="article-info mb-5"> <span>01 Jun 2023</span> <span class="d-none d-lg-inline">&nbsp;&bull;&nbsp;</span> <span class="d-inline d-lg-none">, </span> <span>4 min.
read</span> </p> <div class="hero-image-container"> <picture><source srcset="https://web-assets.esetstatic.com/tn/-x266/wls/2023/06/api-software-cybersecurity-risks.jpg" media="(max-width: 768px)" /><source srcset="https://web-assets.esetstatic.com/tn/-x425/wls/2023/06/api-software-cybersecurity-risks.jpg" media="(max-width: 1120px)" /><img class="hero-image" src="https://web-assets.esetstatic.com/tn/-x700/wls/2023/06/api-software-cybersecurity-risks.jpg" alt="All eyes on APIs: Top 3 API security risks and how to mitigate them" /></picture> </div> </div> <div class="article-body"> <p>The application programming interface (API) is an unsung hero of the digital revolution. It provides the glue that sticks together diverse software components in order to create new user experiences. But in providing a direct path to back-end databases, APIs are also an <a href="https://www.welivesecurity.com/2022/06/10/rsa-apis-your-organizations-dedicated-backdoors/" target="_blank" rel="noopener">attractive target for threat actors</a>. It doesn’t help that they have exploded in number over recent years, leading many deployments to go undocumented and unsecured.</p> <p>According to <a href="https://www.infosecurity-magazine.com/news/api-attacks-increase-400-last-six/" target="_blank" rel="noopener">one recent study</a>, 94% of global organizations have experienced API security problems in production over the past year with nearly a fifth (17%) suffering an API-related breach. 
It’s time to gain visibility and control of these digital building blocks.</p> <h2>How bad are API threats?</h2> <p>APIs are key to the <a href="https://www.gartner.com/en/doc/465932-future-of-applications-delivering-the-composable-enterprise" target="_blank" rel="noopener">composable enterprise</a>: a Gartner concept in which organizations are encouraged to break their applications down into <a href="https://www.walkme.com/glossary/composable-enterprise/" target="_blank" rel="noopener">packaged business capabilities</a> (PBCs). The idea is that assembling these smaller components in various ways enables enterprises to move more nimbly at greater speed – creating new functionality and experiences in response to rapidly evolving business needs. APIs are a critical component of PBCs whose use has surged of late with the increased adoption of microservices architectures.</p> <p>Nearly all (97%) global IT leaders <a href="https://www.businesswire.com/news/home/20220131005216/en/97-of-Enterprise-Leaders-Agree-APIs-Are-Essential-for-Survival-but-Most-Face-Challenges-in-Rollout-of-Comprehensive-API-Strategy" target="_blank" rel="noopener">therefore now agree</a> that successfully executing an API strategy is vital to future revenue and growth. But increasingly the sheer volume of APIs and their distribution across multiple architectures and teams is a source of concern. There may be tens or even hundreds of thousands of customer- and partner-facing APIs in a large enterprise. Even mid-sized organizations may be running thousands.</p> <h3>What is the impact on firms?</h3> <p>The threats are also far from theoretical. 
This year alone we’ve seen:</p> <ul> <li><a href="https://www.infosecurity-magazine.com/news/api-attacker-steals-data-37/" target="_blank" rel="noopener">T-Mobile USA admit</a> that 37 million customers had their personal and account information accessed by a malicious actor via an API</li> <li>Misconfigured Open Authorization (OAuth)<a href="https://www.csoonline.com/article/3689869/booking-com-account-takeover-flaw-shows-possible-pitfalls-in-oauth-implementations.html" target="_blank" rel="noopener"> implementations</a> on Booking.com which could have enabled serious user account takeover attacks on the site</li> </ul> <p>It’s not just corporate reputation and the bottom line that’s at risk from API threats. They can also hold up important business projects. <a href="https://www.prnewswire.com/news-releases/latest-salt-security-state-of-api-security-report-shows-400-increase-in-attackers-finds-api-security-has-become-a-c-level-discussion-301784038.html">More than half (59%) of organizations claim </a> that they’ve had to slow down the rollout of new apps because of API security concerns. That’s part of the reason why it is now a C-level discussion topic for half of boards.</p> <p><a href="https://web-assets.esetstatic.com/wls/2023/06/api-application-programming-interface-software-cybersecurity-risks-1.jpg"><img class="aligncenter wp-image-174399 size-full" src="https://web-assets.esetstatic.com/wls/2023/06/api-application-programming-interface-software-cybersecurity-risks-1.jpg" alt="" width="1250" height="703" /></a></p> <h2>Top three API risks</h2> <p>There are dozens of ways hackers can exploit an API, but OWASP is the go-to resource for those wanting to understand the biggest threats to their organization. 
Its <a href="https://github.com/OWASP/API-Security/tree/master/2023/en/src" target="_blank" rel="noopener">OWASP API Security Top 10 2023 list</a> details the following three main security risks:</p> <ol> <li><strong>Broken Object Level Authorization (BOLA)</strong>: The API fails to verify whether a requester should have access to the specific object being requested. This can lead to data theft, modification or deletion. Attackers need only be aware that the problem exists – no code hacks or stolen passwords are needed to exploit BOLA.</li> <li><strong>Broken Authentication</strong>: Missing and/or mis-implemented authentication protections. API authentication can be “complex and confusing” for many developers, who may have misconceptions about how to implement it, OWASP warns. The authentication mechanism itself is also exposed to anyone, making it an attractive target. API endpoints responsible for authentication must be treated differently from others, with enhanced protection. And any authentication mechanism used must be appropriate to the relevant attack vector.</li> <li><strong>Broken Object Property Level Authorization (BOPLA): </strong>Attackers are able to read or change the values of object properties they are not supposed to access. API endpoints are vulnerable if they expose the properties of an object that are considered sensitive (“excessive data exposure”); or if they allow a user to change, add or delete the value of a sensitive object's property (“mass assignment”). Unauthorized access could result in data disclosure to unauthorized parties, data loss, or data manipulation.</li> </ol> <p>It’s also important to remember that these vulnerabilities are not mutually exclusive. Some of the worst API-based data breaches have been caused by a combination of exploits such as BOLA and excessive data exposure.</p> <h2>How to mitigate API threats</h2> <p>Given what’s at stake, it’s vital that you build security into any API strategy from the start. 
That means understanding where all your APIs are, and layering up tools and techniques to manage endpoint authentication, secure network communication, mitigate common bugs and tackle the threat of bad bots.</p> <p>Here are a few places to start:</p> <ul> <li><strong>Improve API governance </strong>by following an API-centric app development model which allows you to gain visibility and control. In so doing, you’ll shift security left to apply controls early on in the software development lifecycle and automate them in the CI/CD pipeline</li> <li><strong>Use API discovery tools </strong>to reduce the number of shadow APIs already in the organization and understand where APIs are and if they contain vulnerabilities</li> <li><strong>Deploy an API gateway </strong>which accepts client requests and routes them to the right backend services. This management tool will help you authenticate, control, monitor and secure API traffic</li> <li><strong>Add a web application firewall (WAF) </strong>to enhance the security of your gateway, blocking malicious traffic including DDoS and exploitation attempts</li> <li><strong>Encrypt all data (i.e., via TLS) </strong>travelling through APIs, so it can’t be read or tampered with in man-in-the-middle attacks</li> <li><strong>Use OAuth for controlling API access </strong>to resources like websites without exposing user credentials. Review and test the implementation carefully: as the Booking.com case above shows, a misconfigured OAuth flow can itself open the door to account takeover</li> <li><strong>Apply rate limiting to restrict how often your API can be called. </strong>This will mitigate the threat from DDoS attacks and other unwanted spikes</li> <li><strong>Use a monitoring tool </strong>to log all security events and flag suspicious activity</li> <li><strong>Consider a zero trust approach </strong>which posits that no users, assets or resources inside the perimeter can be trusted. Instead, you will need to demand proof of authentication and authorization for every operation – including a check that the caller is allowed to access the specific object and properties requested, which is the check missing in BOLA and BOPLA flaws</li> </ul> <p>Digital transformation is the fuel powering sustainable growth for the modern enterprise. 
That puts APIs front and center of any new development project. They must be rigorously documented, developed with secure-by-design principles and protected in production with a multi-layered approach.</p> </div> <div class="article-subscribe-form mb-4"> <hr /> <div class="form-wrapper"> <div class="overlay"> <h2 class="title"> Let us keep you <br class='d-md-none'>up to date </h2> <p class="subtitle"> Sign up for our newsletters </p> <div class="form"> <form action="https://enjoy.eset.com/pub/rf" class="basic-searchform col-md-12 col-sm-12 col-xs-12 no-padding newsletter px-0" target="_blank" method="post" role="search"> <div class="search-input clearfix"> <input type="text" name="EMAIL_ADDRESS_" value="" placeholder="Your Email Address" required> <input type="checkbox" id="TOPIC" name="TOPIC" value="We Live Security Ukraine Newsletter"> <label for="TOPIC">Ukraine Crisis newsletter</label> <input type="checkbox" id="NEWSLETTER" name="NEWSLETTER" value="We Live Security"> <label for="NEWSLETTER">Regular weekly newsletter</label> <input type="hidden" name="_ri_" value="X0Gzc2X%3DAQpglLjHJlTQGgXv4jDGEK4KW2uhw0qgUzfwuivmOJOPCgzgo9vsI3VwjpnpgHlpgneHmgJoXX0Gzc2X%3DAQpglLjHJlTQGzbD6yU2pAgzaJM16bkTA7tOwuivmOJOPCgzgo9vsI3"> <input type="hidden" name="_ei_" value="Ep2VKa8UKNIAPP_2GAEW0bY"> <input type="hidden" name="_di_" value="m0a5n0j02duo9clmm4btuu5av8rdtvqfqd03v1hallrvcob47ad0"> <input type="hidden" name="EMAIL_PERMISSION_STATUS_" value="0"> <input type="hidden" name="CONTACT_SOURCE_MOST_RECENT" value="WLS_Subscribe_Form"> <button type="submit" class="redirect-button primary">Subscribe</button> </div> </form> </div> </div> <svg class="wave-overlay" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 600 201.7451"><g><path class="cls-1" 
function () { this.page.url = "https://www.welivesecurity.com/2023/06/01/top-3-api-security-risks-mitigate/"; this.page.identifier = "All eyes on APIs: Top 3 API security risks and how to mitigate them"; this.page.title = "13018"; this.language = "en"; }; (function() { var d = document, s = d.createElement('script'); s.src = 'https://welivesecurity.disqus.com/embed.js'; s.setAttribute('data-timestamp', +new Date()); (d.head || d.body).appendChild(s); })(); </script> <link rel="preload" as="style" href="https://www.welivesecurity.com/build/assets/prism-40494b65.css" /><link rel="modulepreload" href="https://www.welivesecurity.com/build/assets/prism-40d1b0a4.js" /><link rel="modulepreload" href="https://www.welivesecurity.com/build/assets/_commonjsHelpers-042e6b4d.js" /><link rel="stylesheet" href="https://www.welivesecurity.com/build/assets/prism-40494b65.css" /><script type="module" src="https://www.welivesecurity.com/build/assets/prism-40d1b0a4.js"></script> <link rel="preload" as="style" href="https://www.welivesecurity.com/build/assets/article-e3625c4c.css" /><link rel="modulepreload" href="https://www.welivesecurity.com/build/assets/article-98874652.js" /><link rel="modulepreload" href="https://www.welivesecurity.com/build/assets/table-wrapper-135558d1.js" /><link rel="stylesheet" href="https://www.welivesecurity.com/build/assets/article-e3625c4c.css" /><script type="module" src="https://www.welivesecurity.com/build/assets/article-98874652.js"></script></body> </html>
