Insecure Application Programming Interfaces (APIs) in Zero-Trust Networks

Bibliographic Details
Main Author Qazi, Farhan A
Format Dissertation
Language English
Published ProQuest Dissertations & Theses 01.01.2022
Summary: Application programming interfaces (APIs) are the most vulnerable points of attack because APIs are not visible to the user and because most users and computer professionals are not aware of API weaknesses. This unique qualitative case study of the complex phenomenon of API insecurity resulted in valuable information when compared with the available quantitative research results at this time. This study allowed the researcher to collect and analyze responses from API developers, engineers, managers, and users through an open-ended research question survey relating to the awareness of API insecurity, the vulnerabilities posed to organizations, and how to increase API insecurity awareness. The findings revealed that most computer users and professionals are unaware of API insecurity, lack adequate API security training, and depend on the security of the network, rather than that of the APIs. Surprisingly, most of the respondents to the study’s survey thought that the existing methods for API security would be enough to reduce the vulnerabilities associated with APIs. Four major themes emerged after coding the survey participants’ data using NVivo, which formed the basis of the theory that was developed to mitigate API insecurity and increase awareness of this potential challenge in different organizations. Implications for applying the study’s findings suggest that API gateways should be used to implement all the security techniques of APIs, instead of relying on regular network security controls. API designers and developers should, therefore, incorporate API security at each stage of design. As the number of APIs increases over time, future work should include the use of Machine Learning (ML) algorithms and Artificial Intelligence (AI) to detect anomalies and stop attacks within network environments that contain numerous APIs.
ISBN: 9798790650468