Those vulnerability attacks on app
2022-07-29 06:34:00 【Zhongyun era - defense testable - Xiaoyu】
As more and more organizations, institutions and enterprises put application development, production and hosting first, new vulnerabilities and threats have emerged. The pressure to shorten release cycles, improve user experience and make better use of resources can erode the security protocols that were in place before applications are deployed. In Radware's survey, 98% of respondents saw a variety of attacks on their applications and web servers, and were concerned with how to protect APIs and the transmission of sensitive data.

Attack frequency varies widely

The survey identified the three most common attacks on applications and web servers. For about 57% of organizations, SQL or other injection attacks occur monthly or more often. Cross-site request forgery (CSRF), session/cookie poisoning and protocol attacks occur far less frequently; in some cases respondents reported never having seen such attacks in their own organization.

RPA and automated attacks are increasing, but enterprises are not ready to manage bot traffic

Robotic process automation and other good bots can improve productivity and business processes (for example, data collection and decision-making), while bad bots target websites, mobile apps and APIs to steal data and disrupt services. Organizations continue to rely on traditional security solutions to assess bot traffic, but today's sophisticated malicious bots can imitate human behaviour and bypass CAPTCHAs and other older technologies and heuristics.

WAF is the most commonly used tool for classifying bots

Although these technologies are limited in detecting sophisticated, human-like bot traffic, nearly half of organizations use a web application firewall (WAF) to distinguish real users from bots, and almost as many use IP-based methods. Other techniques in use include in-session detection and termination, and CAPTCHA.

The least commonly used way to distinguish real users from bots is a dedicated anti-bot/anti-scraping solution. The three main types of bot attacks reported by respondents are DDoS, web scraping and account takeover. Various other attack types also occur with some frequency, including digital fraud, denial of inventory and payment-data abuse.

DDoS exhausts application resources

80% of respondents reported that their applications had suffered DoS attacks. As with DDoS attacks on network infrastructure, the most common way to take down an application is to flood it with incoming requests. Almost three fifths of organizations experience an HTTP flood at least once a month (if not more often), and almost two fifths experience HTTPS floods at least as often. Other kinds of DoS attack also occur with some frequency, including buffer overflow and resource exhaustion attacks.

APIs handle many types of confidential data

The survey found that APIs handle all kinds of data. In most organizations, APIs process sensitive personal data such as e-mail addresses, phone numbers, postal addresses, user credentials, tokens, hashes, cookies and payment information. Many organizations also use APIs to process information that identifies individuals, and in some cases medical records.

Most applications expose sensitive data through APIs

Respondents said that most applications are exposed through APIs to the Internet and/or third-party application services. 27% of organizations have less than a quarter of their applications public, 35% have between a quarter and a half, and 38% have more than half.

Application development teams face hidden risks when protecting their applications in the new cloud environment, where the security of application data running in containers is still not well understood; although some tools are available, there are no best practices yet. 57% of organizations already use containerized applications, but 52% of respondents believed that using containers did not bring additional financial efficiency.

Major concerns about API use

The survey shows that three fifths of respondents were worried or extremely worried that using APIs may introduce security vulnerabilities. Many respondents were also concerned about accidental data loss, management and maintenance overhead, and the excessive complexity of using APIs. The study further shows a relationship between the level of concern about API use and the degree to which applications are exposed to the Internet and/or third-party applications. For example, among those "very concerned" about these problems, 40% have more than half of their applications exposed via APIs, whereas among those with little concern, no more than half of their applications are exposed via APIs.

API attacks are common

All kinds of API attacks are quite common. The survey shows that 55% of organizations experience an API DoS attack at least once a month, 48% experience some form of injection attack at least once a month, and 42% experience element/attribute manipulation at least once a month.

WAF is the most common defensive measure

Respondents were asked which technologies they use to protect APIs. 77% use a WAF to protect their APIs, 61% use an API gateway, and 50% use additional cloud services. Currently only a quarter of organizations use any type of dedicated bot management tool to protect their APIs.