Almost half of all account takeover attacks targeted Application Programming Interface (API) endpoints, according to Imperva’s The State of API Security in 2024. As APIs play a central role in application modernisation and seamless connectivity, understanding the risks and complexities of securing APIs remains crucial.
API security risks
The findings also reveal that most web traffic (71%) is API-related, surpassing typical web traffic and posing growing risks such as unauthorised access, data breaches, and sophisticated cyber-attacks.
Among the top attack vectors for 2023 were business logic abuse (27%) and automated agents or bad bots (19%). Furthermore, API attacks in 2023 targeted the financial services (20%), business (16.9%), and travel (11.2%) industries.
India emerged third among the top targeted countries for API violations, with 7.5% of all API violations targeting customer accounts.
API security recommendations
To improve your API security, Imperva recommends updating your API inventory, performing risk assessments, establishing a comprehensive monitoring system for APIs, and adopting an API security approach that integrates Web Application Firewall (WAF), API Protection, Distributed Denial of Service (DDoS) prevention, and Bot Protection.