Cloudflare recently released its API security and management report, found HERE. Some interesting points I took away are the following.
Key findings from the report:
- APIs outpace other Internet traffic – Successful API requests accounted for 57% of Internet traffic (dynamic HTTP traffic) processed by Cloudflare.
- Unknown attack surfaces – Machine learning models discovered nearly one-third (30.7%) more API endpoints than what organizations self-reported.
- #1 error: Too many requests – Over half (51.6%) of API error rates comprised “Too Many Requests” (429 errors).
- #1 mitigation method: DDoS protection – One-third (33%) of API mitigations comprised blocking Distributed Denial of Service (DDoS) attacks.
- Industry variations – Industries with the highest share of API traffic included the IoT platform, rail/bus/taxi, legal services, multimedia/games, and logistics/supply chain industries.
- Regional variations – API traffic share was highest in Africa and Asia. API traffic varied the most in the Middle East.
Common API Errors
The most common result of a misdiagnosis of an API error is the wonderful and enjoyable 429 error.
Top API threats
Two ways to mitigate API vulnerabilities are 1) Schema validation and 2) Dealing with authentication loopholes.
You can find these points and more via the full report.