DZone

As more companies embrace APIs, those APIs are fast becoming the weak link in the organizational security chain. In our post-Equifax world, APIs still fly under the radar of security professionals, and the future will only bring more incidents unless leaders adopt strategies and tactics to mitigate the inherent “openness” of APIs.

The Equifax breach was the result of a known vulnerability in the Apache Struts web framework, but not all exposures are so easily identified and patched. There are numerous potential attack vectors with APIs: on average, there are 22 vulnerabilities per web application, and they are so commonplace that OWASP maintains an entire list dedicated to them, the API Security Top 10.

Source: DZone