Application Programming Interface (API) Security: Cybersecurity Vulnerabilities Due to the Growing Use of APIs in Digital Communications

Abstract

Organizations and consumers need robust API management and security programmes that apply current policies to verify that API interactions are sufficiently safe. Technology providers offer API management solutions to their customers, and API security standards have been established to secure API transactions. As part of the effort to make APIs open and straightforward to deploy for both Business to Business (B2B) and Business to Consumer communications, security requirements must be considered within the API management process. This paper gathered information to determine why APIs are vulnerable. It investigated the perspectives of customers on their own professional experience developing private APIs for their organizations. It compared these with the cybersecurity vendor/supplier segment, which provides products and services to assist customers with API development, security and management. The findings were compared with those of previous research. The study found that API exploits are typically not identified when they occur, and that attitudes towards security readiness vary with the respondent's IT role. Over the course of the study, several essential "blocking and tackling" concepts were identified that any business could apply to improve its API security management.

Country: Iraq

Alaa Abdul Al Muhsen Hussain Al Zubaidi (1), Dr. Prof. Florentin Ipate (2)

  1. Department of Computer Science, Faculty of Mathematics and Computer Science and ICUB, University of Bucharest, Str. Academiei 14, sector 1, 010014, Bucharest, Romania, and Department of Computer Information Systems, Faculty of Computer Science and Inform
  2. Department of Computer Science, Faculty of Mathematics and Computer Science and ICUB, University of Bucharest, Str. Academiei 14, sector 1, 010014, Bucharest, Romania

IRJIET, Volume 6, Issue 6, June 2022 pp. 108-117

doi.org/10.47001/IRJIET/2022.606014
