Nov 2, 2021
0 0

Web App and API Security Needs to Be Modernized: Here’s How

Written by

Applications are critical for doing business. They are also the weakest links in many an organization’s security chain. Many APIs continue to expose the personally identifiable information of customers, employees and contractors.
As OWASP (Open Web Application Security Project) notes on its API Security Project homepage: “By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible.”
OWASP cites 10 common problems on the API Security Project homepage, including:
Clearly, web app and API security is overdue for a security overhaul. The question is where to begin and where to go from there?
As a company whose edge cloud platform is designed to give developers the tools to build apps that are as secure as they are fast and groundbreaking, Fastly has put a lot of thought into the path forward.
Sean Leach, Fastly’s chief product architect, identified the challenges in a recent blog post.
“The truth is, most web app and API security tools were designed for a very different era,” he wrote. “A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren’t bogged down by the limitations of legacy solutions.” In response, he said, it’s time for a change.
To that end, he outlined the company’s new rules for web application and API security, which he believes will respect the way modern applications are built:
“It’s not enough to ship software quickly. We must ship high-quality software securely,” he said. “For our part, we’ll be focused on building web application and API security solutions that live up to the rules we outlined today. We’re in this together.”
Sean recently joined Application Security Weekly to offer a deeper dive into the new rules. The episode was sponsored by Fastly.
To learn more, watch the interview on Application Security Weekly here or visit for more information.

Security Weekly is the security podcast network for the security community, distributing free podcasts and media since 2005. We connect the security industry and the security community through our security market validation programs.
We view our relationships with the security industry as partnerships, not sponsorships. Security Weekly works closely with each partner to help you achieve your marketing goals and gain traction in the security market. Interested in becoming a partner? Please visit our partnerships page.
Back to Top
 RSS – Posts


Article Categories:
Cybersecurity News

Comments are closed.