“…Application programming interfaces (APIs) — or sets of instructions that allow apps to interact with one another — are popular because they reduce coding time, serve as a consistent baseline for many apps, and help spur innovation.But, as with many things in life, they have a downside: More and more, we see APIs targeted as some of the most vulnerable points of modern infrastructure. In August 2017, for example, reporters revealed that hackers had exploited an unauthenticated API on the Panera Bread website to leak the personal data of 37 million customers.
The problem, according to Jason Macy, CTO of Forum Systems, is that lightweight API gateways and software-based identity enforcement points aren’t purpose-built to protect API endpoints or the technology serving integration points.
…”