Attacks on APIs with poor configuration or programming grew over 600% in 2021

Salt Security analysts warn of a sharp rise in API attacks, with most companies still underestimating these high risks.


The report shows that, while the overall API traffic increased by 321%, the traffic of API attacks grew 681% of in 2021.


The API (Application Programming Interface) is a software interface for online services that allows applications to exchange information with each other.

When incorrectly secured, eg. without strong authentication through the use of certificates between the authorized systems, bad actors could exploit the weaknesses to perform a myriad of attacks that could cause data breaches, alteration of data, injection of malware and Distributed Denial of Service (DDoS) on 3rd party infrastructure.

The reality is that organizations don't invest sufficiently in testing their APIs before moving to production. But also, on the contrary, they fail to decommission unused APIs that might eventually be dropped out of maintenance and not be patched regularly.

The Bleeping Computer article