An Application Programming Interface (API) is one of the most critical components of a software application: it mediates communication between applications and governs which data may be exchanged. Because APIs are a fundamental part of software, securing them is acutely important, as any vulnerability in an API can be exploited by threat actors.
“When it comes to API-based attacks or API attacks, just within 2024, if we compare the second half of the year to the first half, there was a 188 percent surge in those types of attacks,” articulated Uri Dorot, the Senior Product Marketing Manager at Radware.
Securing APIs is key to enhancing a business's ability to detect and respond to cyber threats. APIs control access to sensitive business logic and data, which also makes them a key attack vector.
In this episode of the Security Strategist podcast, Chris Steffen, VP of Research at EMA, is joined by Dorot. They discuss the biggest challenges facing API security, particularly those pertaining to business logic attacks.
The speakers address the question: can organisations truly mitigate targeted attacks against their APIs and application business logic? Dorot breaks down the steps and provides practical security strategies, both to keep enterprises from falling into attackers' traps and to use their own business logic for effective protection against increasingly sophisticated threats.
Takeaways
- Business logic attacks exploit legitimate API calls in illegitimate ways.
- Visibility into API environments is crucial for effective security.
- Organizations often lack documentation for their APIs, increasing risk.
- AI tools can help discover and map API endpoints and business logic.
- Business logic is complex and constantly evolving, requiring ongoing attention.
- Attackers use AI to enhance their reconnaissance and exploit strategies.
- Contextual understanding is key to identifying unusual access patterns.
- Security solutions must adapt to the dynamic nature of applications.
- Real-time/runtime mitigation is necessary to respond to evolving threats.
- HTTP DDoS attacks on API-based applications require specialized behavioral-based protection.
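The first and seventh takeaways make one point together: in a business logic attack every individual request can be authenticated, well-formed and answered 200, so the anomaly is only visible in context across requests. The following Python example is added here to illustrate that; it is not code from the episode or from Radware. It runs a small detector over a constructed access log (assumed format and values) and flags a client that walks through sequential account IDs, each call being a legitimate API call used in an illegitimate way. The thresholds (`max_accounts`, `window_seconds`) are illustrative assumptions, not tuned values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (not from the episode or from Radware). Every
# request is authenticated and answered 200, so no single line looks suspicious;
# only tok_scan's pattern across lines (sequential account IDs, seconds apart) does.
SAMPLE_LOG = """\
2024-07-01T10:00:01Z client=tok_alice GET /api/v1/accounts/4711/balance 200
2024-07-01T10:00:09Z client=tok_alice GET /api/v1/accounts/4711/transactions 200
2024-07-01T10:00:02Z client=tok_scan GET /api/v1/accounts/1000/balance 200
2024-07-01T10:00:03Z client=tok_scan GET /api/v1/accounts/1001/balance 200
2024-07-01T10:00:04Z client=tok_scan GET /api/v1/accounts/1002/balance 200
2024-07-01T10:00:05Z client=tok_scan GET /api/v1/accounts/1003/balance 200
2024-07-01T10:00:06Z client=tok_scan GET /api/v1/accounts/1004/balance 200
2024-07-01T10:00:07Z client=tok_scan GET /api/v1/accounts/1005/balance 200
2024-07-01T10:00:30Z client=tok_bob GET /api/v1/accounts/8120/balance 200
2024-07-01T10:03:30Z client=tok_bob GET /api/v1/accounts/8121/balance 200
"""

# Assumed log line layout: timestamp, client token, method, path, status.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) (?P<method>[A-Z]+) "
    r"/api/v1/accounts/(?P<account>\d+)/\S+ (?P<status>\d{3})$"
)


def parse_log(text):
    """Return one dict per well-formed line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        d["account"] = int(d["account"])
        events.append(d)
    return events


def detect_enumeration(events, max_accounts=3, window_seconds=60):
    """Flag clients that touch more than `max_accounts` distinct account IDs
    within any `window_seconds` sliding window (thresholds are assumptions).

    Returns {client: {"accounts": n, "sequential": bool}} for flagged clients,
    where `sequential` says whether the IDs form an unbroken run (enumeration).
    """
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)

    findings = {}
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        best_ids = []
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the window fits the time bound.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            ids = sorted({e["account"] for e in evs[start:end + 1]})
            if len(ids) > len(best_ids):
                best_ids = ids
        if len(best_ids) > max_accounts:
            sequential = all(b - a == 1 for a, b in zip(best_ids, best_ids[1:]))
            findings[client] = {"accounts": len(best_ids), "sequential": sequential}
    return findings


def run_sample():
    """Convenience wrapper: parse the constructed log and return the findings."""
    return detect_enumeration(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for client, info in run_sample().items():
        print(f"{client}: {info['accounts']} distinct accounts in window, "
              f"sequential={info['sequential']}")
```

Running it flags only `tok_scan`; `tok_alice` reads her own account twice and `tok_bob` touches two accounts three minutes apart, so neither crosses the threshold. The check is deliberately per-client, which is also its limit: an actor that spreads the same enumeration across many tokens or slows it below the window falls outside it, which is why the takeaways above stress behavioral, runtime protection that keeps wider context (source, session, tenant, historical baseline) rather than a single fixed rule.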
Chapters
00:00 Introduction to API Security Challenges
02:32 Understanding Business Logic Attacks
06:11 The Importance of API Visibility
12:26 AI's Role in API Security
17:52 Trends in API Security with Generative AI
21:43 Context and Granularity in Protection
28:58 Key Takeaways for Security Practitioners
About Radware
Radware is a global leader in cyber security and application delivery solutions. It provides award-winning security and availability for infrastructure, applications, and enterprise IT across physical, cloud, and software-defined data centers.
It is trusted by over 12,500 enterprises and carriers worldwide to enhance digital experience, ensure business continuity, and maximise productivity with cost-effective solutions.