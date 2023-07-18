A notable lack of API security testing tools

The 2023 SANS Survey on API Security found that fewer than 50% of respondents have API security testing tools in place. Even less have API discovery tools (29%). What’s more, the report says that taking advantage of the API security controls that are included in distributed denial-of-service (DDoS) and load balancing services is “an underutilized area”: just 29% of respondents reported using those features.

It’s a worrisome trend, considering the increase in attacks. As Akamai reported in its recent State of the Internet report, Slipping Through the Security Cracks: The Rise of Application and API attacks, 2022 was a record year for application and API attacks. Perhaps the lack of adoption of API tools with comprehensive coverage should come as no surprise, however, considering what respondents to the SANS survey said they believe to be the top security risks to their organization.

The report, released in July 2023, surveyed 231 respondents, most from the United States. Seventy-eight percent of respondents currently play a role in application security, with another 15% looking toward future involvement.