The Cequence threat research team released its API security report for the first half of 2022, showing that nearly a third of malicious requests target shadow API.
The team analyzed over 16.7 billion API transactions and discovered that 31% or 5 billion malicious requests targeted unknown, unmanaged, or unprotected APIs called shadow API. According to Cequence, shadow API was the leading source of API security risks, followed by API abuse or OWASP API10+ and the “Unholy Trinity” of credential stuffing, shadow API, and sensitive data exposure.
Cequence noted that the wide adoption of API attracted subsequent targeting by threat actors, expanding the threat landscape. The researchers noted that APIs are popular with developers because of their flexibility, speed, and ease of use, unlike web services. Additionally, their flexibility derives from the fact that they do not require web application firewall configurations or third-party API gateways. Their popularity has led to many modern applications, such as shopping and financial apps, relying on APIs for transactions and seamless integration.
However, APIs are also popular with attackers because hackers can easily find coding…
