Business Logic Abuse Dominates as API Attacks Surge


APIs now comprise nearly three-quarters (71%) of web traffic, posing a significant threat to corporate cybersecurity by expanding the cyber-attack surface, according to Imperva.

The security company revealed the findings in its Imperva State of API Security Report, which was compiled from intelligence gathered by its products.

It found that attacks on the business logic of APIs accounted for the largest share (27%), followed by automation (19%).

Imperva said business logic attacks – which grew as a share of the total by 10% annually – could include credential stuffing, fake account creation and data scraping.

Read more…