APIs have become a primary target for hackers, who have discovered APIs are frequently under-secured and over-permissioned. Auditors and regulators are also noting the risk created by public-facing APIs.
APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface Level Access Control issue. BOLA checks should be considered in every function that accesses a data source.
APIs account for over 80% of Internet traffic and will become the “most frequent attack vector" by 2022. Securing APIs requires new approaches.