Shadow, Zombie and Misconfigured APIs Are a Security Issue
Feature image via Pixabay.
Shadow APIs are a problem that not everyone takes seriously. Only 11% of people surveyed for Salt Security’s State of API Security Q3 2021 are greatly concerned about the security risks of shadow or unknown APIs. In contrast, 42% are greatly worried about zombie APIs, which were assumed to be turned off but can be targeted for an account takeover.
The first step towards addressing shadow APIs is documenting the ones your organization has. Compared to when the study was first conducted six months ago, the percentage of respondents that are at least somewhat confident their API inventory is complete increased from 53% to 62%.
Salt Security’s customer data indicates that respondents significantly underestimate the number of existing shadow APIs. Everyone also knows that misconfigured APIs are a big and growing problem for cloud security. Every unaccounted API adds to that problem, but so do APIs that are documented incorrectly.
Perhaps the easiest thing to do going forward is to remind everyone that zombie APIs are really just a category of shadow APIs. The harder part will be to get adults to admit they are afraid of their shadows.