API Security Survey

Imperva
ImpervaMarketing Communications Manager
API Security Survey A survey of 250 IT managers and security professionals S U R V E Y The survey was conducted in November 2017 by OnePoll for Imperva, Inc. with respondents from companies with at least 250 employees, and/or $1 million in revenue in the US.
Due to increased usage, APIs have become a new attack vector for cybercriminals and make applications and databases vulnerable to web application attacks.
Yes 68.8% No 24.4%Don’t know 6.8% Are you exposing APIs to your partners and the public?
How many public facing APIs exist in your organization? 0 1-10 11-50 51-100 101-200 201-300 3.2% 301-400 401-500 501-750 751-1000 1001+ Don’t know 5.6% 8.8% 8.8% 10.4% 8% 10.8% 12.4% 8% 8% 7.2% 8.8% Number of APIs
When thinking about securing your APIs, what is your main concern? Bots and DDoS attacks Authentication enforcement Need to profile APIs Inspection of API content to detect attacks Other concern Not applicable / No concerns 39.2% 24.4% 13.6% 14.8% 0.4% 7.6%
Yes 80% 12% No 8% Not applicable / Don't Know Are you using an API gateway to manage public facing APIs? ?
Yes 80%14.8% No 5.2% Not applicable / Don't Know Are you using a public cloud service to manage and secure APIs? ? X
76.4%63.2% Web Application Firewall API GatewayNo security How are you securing your APIs? Network FirewallNot applicable / I don't know Runtime Application Self Protection 44.8% 5.6% 63.2%0.8%
1.21%78.23% 10.89% DevOpsIT Security team App Developers Who typically oversees the security of your APIs? 6.05% DevSecOps Someone else Not applicable / I don't know 0.4% ? 3.2%
8.4% 76.4% 15.2% No Yes Not applicable / Don't Know Does your company treat API security differently than web security?
Are DevOps part of your application development? Can you see security (DevSecOps) in the future of application development? Yes 92.4% No 4.4% I'm not sure 3.2% Yes 89.6% No 8% Not applicable / Don't Know 2.4% ? ?
APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company’s data. To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.” — Terry Ray, Imperva CTO “
LEARN MORE Six Ways to Secure APIs
Imperva is a leading provider of cyber security solutions that protect business-critical data and applications.
1 of 14

API Security Survey

Download to read offline
Technology

One Poll survey of 250 IT professionals on the state of application programming interface (API) security, which highlights growing concern for cybersecurity risk related to API use.

Imperva
ImpervaMarketing Communications Manager

Recommended

API Security LifecycleAPI Security Lifecycle
API Security LifecycleApigee | Google Cloud
1.3K views15 slides
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?Apigee | Google Cloud
17.3K views19 slides
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and PracticesPrabath Siriwardena
4.6K views34 slides
What is APIGEE? What are the benefits of APIGEE?What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?IQ Online Training
1.2K views9 slides
What is an API Gateway?What is an API Gateway?
What is an API Gateway?LunchBadger
2K views18 slides
APIs in a Microservice ArchitectureAPIs in a Microservice Architecture
APIs in a Microservice ArchitectureWSO2
1.3K views32 slides

More Related Content

What's hot

Azure API ManagementAzure API Management
Azure API ManagementDaniel Toomey
5.1K views36 slides

What's hot(20)

Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Kai Wähner30.2K views
Reasons To Automate API Testing ProcessReasons To Automate API Testing Process
Reasons To Automate API Testing Process
QASource979 views
Azure API ManagementAzure API Management
Azure API Management
Daniel Toomey5.1K views
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and Roadmap
Apigee | Google Cloud4.8K views
Deep dive: Monetize your API ProgramsDeep dive: Monetize your API Programs
Deep dive: Monetize your API Programs
Apigee | Google Cloud17.4K views
API Management architect presentationAPI Management architect presentation
API Management architect presentation
sflynn07313.6K views
WSO2 API Platform: Vision and RoadmapWSO2 API Platform: Vision and Roadmap
WSO2 API Platform: Vision and Roadmap
WSO22.5K views
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API Security
Jagadish Vemugunta7K views
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
Prabath Siriwardena1.2K views
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide
Isabelle Mauny390 views
Event-based API Patterns and Practices - AsyncAPI Online ConferenceEvent-based API Patterns and Practices - AsyncAPI Online Conference
Event-based API Patterns and Practices - AsyncAPI Online Conference
LaunchAny4.6K views
Definitive Guide to API ManagementDefinitive Guide to API Management
Definitive Guide to API Management
Apigee | Google Cloud4.2K views
Webcast: Deep-Dive Apigee Edge MicrogatewayWebcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge Microgateway
Apigee | Google Cloud10.6K views
OWASP Top 10 API Security RisksOWASP Top 10 API Security Risks
OWASP Top 10 API Security Risks
IndusfacePvtLtd3.6K views
API Test Automation Tips and TricksAPI Test Automation Tips and Tricks
API Test Automation Tips and Tricks
testhive817 views
Api-First service designApi-First service design
Api-First service design
Stefaan Ponnet1.3K views
API for BeginnersAPI for Beginners
API for Beginners
Gustavo De Vita8.7K views
How to migrate an application in IBM APIc, and preserve its client credentialHow to migrate an application in IBM APIc, and preserve its client credential
How to migrate an application in IBM APIc, and preserve its client credential
Shiu-Fun Poon470 views
API Branding StrategyAPI Branding Strategy
API Branding Strategy
WSO22K views
API Design- Best PracticesAPI Design- Best Practices
API Design- Best Practices
Prakash Bhandari 763 views

Similar to API Security Survey

Similar to API Security Survey(20)

eb-The-State-of-API-Security.pdfeb-The-State-of-API-Security.pdf
eb-The-State-of-API-Security.pdf
Sajid Ali6 views
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
Tunde Ogunkoya267 views
2022 APIsecure_A day in the life of an API; Fighting the odds2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds
APIsecure_ Official63 views
TEC-Roundtable-APITEC-Roundtable-API
TEC-Roundtable-API
Patrick Emmons102 views
OWASP API Security TOP 10 - 2019OWASP API Security TOP 10 - 2019
OWASP API Security TOP 10 - 2019
Miguel Angel Falcón Muñoz351 views
API Security Webinar - Security Guidelines for Providing and Consuming APIsAPI Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIs
DevOps Indonesia36 views
API Security Webinar : Security Guidelines for Providing and Consuming APIsAPI Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIs
DevOps Indonesia54 views
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
lior mazor34 views
Success with APIs: A ChecklistSuccess with APIs: A Checklist
Success with APIs: A Checklist
CA Technologies7.4K views
Best practices for API Integration - Bearer.shBest practices for API Integration - Bearer.sh
Best practices for API Integration - Bearer.sh
Guillaume Montard280 views
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accentureapidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays LIVE New York 2021 - API Security & AI by Deb Roy, Accenture
apidays139 views
Secure your app against DDOS, API Abuse, Hijacking, and Fraud Secure your app against DDOS, API Abuse, Hijacking, and Fraud
Secure your app against DDOS, API Abuse, Hijacking, and Fraud
Tu Pham14 views
The Four(ish) Appsec Metrics You Can’t IgnoreThe Four(ish) Appsec Metrics You Can’t Ignore
The Four(ish) Appsec Metrics You Can’t Ignore
Veracode3.7K views
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
apidays82 views
The Inconvenient Truth About API SecurityThe Inconvenient Truth About API Security
The Inconvenient Truth About API Security
Distil Networks543 views
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api security
Outpost24125 views
Find & fix the flaws in your codeFind & fix the flaws in your code
Find & fix the flaws in your code
Rogue Wave Software 840 views
六合彩香港-六合彩六合彩香港-六合彩
六合彩香港-六合彩
baoyin667 views
DevSecOps: Minimizing Risk, Improving SecurityDevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving Security
Franklin Mosley754 views
DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...
DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...
Tunde Ogunkoya147 views

More from Imperva

Imperva pptImperva ppt
Imperva pptImperva
4K views9 slides

More from Imperva(20)

Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
Imperva10.2K views
Imperva pptImperva ppt
Imperva ppt
Imperva4K views
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
Imperva1.7K views
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
Imperva2K views
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
Imperva1.7K views
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
Imperva5.7K views
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
Imperva1.5K views
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
Imperva3.1K views
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
Imperva1.5K views
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
Imperva1.1K views
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
Imperva1K views
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
Imperva1.2K views
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
Imperva705 views
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
Imperva915 views
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
Imperva373 views
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
Imperva476 views
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
Imperva464 views
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
Imperva514 views
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Imperva2.5K views
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall Webinar
Imperva2.6K views

Recently uploaded

Web Dev - 1 PPT.pdfWeb Dev - 1 PPT.pdf
Web Dev - 1 PPT.pdfgdsczhcet
48 views45 slides

Recently uploaded(20)

MemVerge: Memory Viewer SoftwareMemVerge: Memory Viewer Software
MemVerge: Memory Viewer Software
CXL Forum115 views
Data-centric AI and the convergence of data and model engineering: opportunit...Data-centric AI and the convergence of data and model engineering: opportunit...
Data-centric AI and the convergence of data and model engineering: opportunit...
Paolo Missier19 views
Java Platform Approach 1.0 - Picnic MeetupJava Platform Approach 1.0 - Picnic Meetup
Java Platform Approach 1.0 - Picnic Meetup
Rick Ossendrijver23 views
Green Leaf Consulting: Capabilities DeckGreen Leaf Consulting: Capabilities Deck
Green Leaf Consulting: Capabilities Deck
GreenLeafConsulting170 views
"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy
"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy
Fwdays35 views
Web Dev - 1 PPT.pdfWeb Dev - 1 PPT.pdf
Web Dev - 1 PPT.pdf
gdsczhcet48 views
Transcript: The Details of Description Techniques tips and tangents on altern...Transcript: The Details of Description Techniques tips and tangents on altern...
Transcript: The Details of Description Techniques tips and tangents on altern...
BookNet Canada99 views
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023
Noury Bouraqadi77 views
Astera Labs: Intelligent Connectivity for Cloud and AI InfrastructureAstera Labs: Intelligent Connectivity for Cloud and AI Infrastructure
Astera Labs: Intelligent Connectivity for Cloud and AI Infrastructure
CXL Forum118 views
Business Analyst Series 2023 - Week 3 Session 5Business Analyst Series 2023 - Week 3 Session 5
Business Analyst Series 2023 - Week 3 Session 5
DianaGray1042 views
JCon Live 2023 - Lice coding some integration problemsJCon Live 2023 - Lice coding some integration problems
JCon Live 2023 - Lice coding some integration problems
Bernd Ruecker61 views
Photowave Presentation Slides - 11.8.23.pptxPhotowave Presentation Slides - 11.8.23.pptx
Photowave Presentation Slides - 11.8.23.pptx
CXL Forum118 views
.conf Go 2023 - SIEM project @ SNF.conf Go 2023 - SIEM project @ SNF
.conf Go 2023 - SIEM project @ SNF
Splunk163 views
The details of description: Techniques, tips, and tangents on alternative tex...The details of description: Techniques, tips, and tangents on alternative tex...
The details of description: Techniques, tips, and tangents on alternative tex...
BookNet Canada97 views
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk170 views
"Fast Start to Building on AWS", Igor Ivaniuk"Fast Start to Building on AWS", Igor Ivaniuk
"Fast Start to Building on AWS", Igor Ivaniuk
Fwdays31 views
Samsung: CMM-H Tiered Memory Solution with Built-in DRAMSamsung: CMM-H Tiered Memory Solution with Built-in DRAM
Samsung: CMM-H Tiered Memory Solution with Built-in DRAM
CXL Forum96 views
Business Analyst Series 2023 - Week 2 Session 3Business Analyst Series 2023 - Week 2 Session 3
Business Analyst Series 2023 - Week 2 Session 3
DianaGray10307 views
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk76 views
Liqid: Composable CXL PreviewLiqid: Composable CXL Preview
Liqid: Composable CXL Preview
CXL Forum118 views

API Security Survey

  • 1. API Security Survey A survey of 250 IT managers and security professionals S U R V E Y The survey was conducted in November 2017 by OnePoll for Imperva, Inc. with respondents from companies with at least 250 employees, and/or $1 million in revenue in the US.
  • 2. Due to increased usage, APIs have become a new attack vector for cybercriminals and make applications and databases vulnerable to web application attacks.
  • 3. Yes 68.8% No 24.4%Don’t know 6.8% Are you exposing APIs to your partners and the public?
  • 4. How many public facing APIs exist in your organization? 0 1-10 11-50 51-100 101-200 201-300 3.2% 301-400 401-500 501-750 751-1000 1001+ Don’t know 5.6% 8.8% 8.8% 10.4% 8% 10.8% 12.4% 8% 8% 7.2% 8.8% Number of APIs
  • 5. When thinking about securing your APIs, what is your main concern? Bots and DDoS attacks Authentication enforcement Need to profile APIs Inspection of API content to detect attacks Other concern Not applicable / No concerns 39.2% 24.4% 13.6% 14.8% 0.4% 7.6%
  • 6. Yes 80% 12% No 8% Not applicable / Don't Know Are you using an API gateway to manage public facing APIs? ?
  • 7. Yes 80%14.8% No 5.2% Not applicable / Don't Know Are you using a public cloud service to manage and secure APIs? ? X
  • 8. 76.4%63.2% Web Application Firewall API GatewayNo security How are you securing your APIs? Network FirewallNot applicable / I don't know Runtime Application Self Protection 44.8% 5.6% 63.2%0.8%
  • 9. 1.21%78.23% 10.89% DevOpsIT Security team App Developers Who typically oversees the security of your APIs? 6.05% DevSecOps Someone else Not applicable / I don't know 0.4% ? 3.2%
  • 10. 8.4% 76.4% 15.2% No Yes Not applicable / Don't Know Does your company treat API security differently than web security?
  • 11. Are DevOps part of your application development? Can you see security (DevSecOps) in the future of application development? Yes 92.4% No 4.4% I'm not sure 3.2% Yes 89.6% No 8% Not applicable / Don't Know 2.4% ? ?
  • 12. APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company’s data. To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.” — Terry Ray, Imperva CTO “
  • 13. LEARN MORE Six Ways to Secure APIs
  • 14. Imperva is a leading provider of cyber security solutions that protect business-critical data and applications.