Last year the top attack vector for this cohort was authorisation vulnerabilities, with 23%; this dropped to 15% in 2023. This year web application firewalls were in second place with 19%, followed by API gateways and Dormant or Zombie APIs, with both being 16%.
DIGITAL DIAGNOSTICS
With the high frequency of attacks, it was interesting to note that visibility appears to be better now than it was a year ago, with 40% of healthcare respondents saying that they have a full inventory and know which APIs return sensitive data. Over half (60%) admitted to only having a partial view of inventory or a full inventory but no idea which APIs return sensitive data. This compares favourably to the 72% of respondents who reported a lack of visibility last year, with only 28% having a full inventory of APIs and knowing which returned sensitive data.
The API security testing disconnect, first revealed in our 2022 research, is evidenced in the gap between testing in real time or at least once per day and the corresponding number of API security incidents. The good news is that this gap has closed slightly, with the cadence of testing APIs for vulnerabilities increasing in the financial services sector, with real-time testing jumping from 8% in 2022 to 15% in 2023 and 37% saying they are testing at least once a day, which compares favourably again to the 30% that said this last year. This shows that this sector is starting to really understand the criticality of API security testing, with 52% either testing in real time or at least once a day, which is a marked improvement on last year. However, continuous testing is essential to eliminate vulnerabilities, and real-time testing must continue to improve.
www.intelligenthealth.tech