The shift-left approach continues to fail organizations in securing APIs, Salt Security researchers noted in its recent report.
Salt Security’s State of API Security report combines customer data and survey responses from more than 350 security, DevOps, and application development professionals. It found that 94% of respondents experienced security incidents in production APIs last year and 20% of them suffered a data breach because of those security gaps.
The report also showed that API attack traffic grew 117% and overall traffic increased 168% among Salt Security customers.
Researchers pointed out that as enterprise API usage continues to explode, the existing API security approaches that focus on shifting left are failing to protect APIs adequately.
While more than half (53%) of the surveyed professionals already prioritized identifying and remediating API security gaps during development and 59% of them look for API issues in testing, a large majority (94%) of them reported API security incidents, which indicate a need for increased runtime protection, the report pointed out.
Plus, shift-left practices ranked the lowest among the six important attributes of API security platforms that Salt Security listed, with only 22% of the respondents choosing it. Near half of them (41%) cited stopping attacks as the “highly important” element, followed by identifying which APIs expose personally identifiable information (PII) or sensitive data.
Those security concerns already caused delays for businesses, the report found. Over half of the respondents stated they had to delay new application rollouts due to API security concerns.
"With API attacks accelerating year over year, it’s no wonder our survey shows security as the top concern about API strategies,” Salt Security CEO and co-founder Roey Eliyahu said in a statement. “The report findings also show the need for a more robust API security strategy – starting with development but especially focused on runtime – to better protect this expanding attack surface and companies’ most valuable assets.”