The speed of business is constantly increasing. To keep up, organizations have started to develop and release new products, websites, and apps at breakneck speeds. This quickened pace has shifted the way web applications are developed.
Development software now needs to seamlessly integrate into other tools, so there are more APIs, and because we want to release apps faster, we’ve moved to a micro-service architecture. These are both fantastic ways to switch the paradigm of development, but there is concern that, as we move quicker, the security of these new innovations doesn’t keep up with the speed at which they are built. The more rapidly companies release code, the faster they release potential vulnerabilities that nefarious threat actors can exploit.
Our industry cannot forget about the security of new applications. Recently, we tested a number of “API first” applications and noticed a disturbing pattern. Simple vulnerabilities — ones that should never be present, like being able to view another user’s data by simply using my API key and changing the value in a parameter — are everywhere. These are threats that shouldn’t be on the table.
Read more here.