Author Information

Conner D. Yu, William & Mary

Abstract

To some, Application Programming Interface (API) is one of many buzzwords that seem to be blanketed in obscurity because not many people are overly familiar with the term. This obscurity is unfortunate, as APIs play a crucial role in today’s infrastructure by serving as one of the most fundamental communication methods for web services. Many businesses use APIs in some capacity, but one often overlooked aspect is cybersecurity. This aspect is most evident in the 2018 misuse case involving Facebook, which led to the leakage of 50 million users’ records [1]. During the 2018 Facebook data breach incident, threat actors used Facebook developer APIs to obtain the personal information of Facebook users over the span of a year. This incident raised many concerns because it potentially violated users’ privacy. This entire third-party data harvesting incident might not have occurred if Facebook had had a more proactive API security and management system. This example was a very considerable data breach, but a similar attack could happen to any business that does not correctly understand and implement the different security requirements that the paradigm shift presented by APIs demands. This raises the issue of how to properly secure APIs in a world where they can be misused, with Gartner Research stating that APIs will be a major attack vector in the next few years due to their widespread use [2]. To tackle this problem, this research paper sets out to discuss the nature of APIs and their security vulnerabilities. Then, we will go into possible preventative measures and design decisions to secure APIs depending on the usage context. This paper aims to offer a blueprint of security best practices for securing API systems across various use cases.

Document Type

Paper

Disciplines

Digital Communications and Networking | Information Security

DOI

10.25776/9t96-0168

Publication Date

2021


On the Usage and Vulnerabilities of API Systems