Tricentis unveiled two innovations that aim to redefine the future of software testing for the enterprise.
Why Your Company Needs an API Security Champion for 2024
February 14, 2024
Everyone can agree that application programming interface (API) security is important, but whose responsibility is it? Many organizations don't have a clear answer — and this presents a major opportunity for developers to step up into an important new role: API champion.
Given their hands-on experience with APIs, development teams understand the integrations better than anyone. Becoming their company's API champion empowers developers to assess their current security posture, identify potential vulnerabilities, and determine what to do in the event of an incident.
All too often, development teams are left scrambling in the event of a breach. A 2023 report from Noname Security found that more than half of developers (53%) spend between 26-50% of their time on API refactoring and remediation; 14% say that takes up 51-75% of their workday. With cybersecurity issues on the rise, development teams are spending entirely too much time fixing issues that could have been prevented.
Why API Security Must Remain a Priority in 2024
As most developers are aware, APIs allow software components to interact with each other, whether it's within the same application, on the same device, or over a shared network. Currently, they account for more than 80% of current internet traffic, according to the 2023 report. That's because companies have an average of 15,564 APIs in use at any given time, according to 451 Research. This balloons to 25,592 APIs for enterprises with more than 10,000 employees.
And because they're so pervasive, APIs can also act as both a gateway and a getaway car for hackers to steal private information, including critical business data.
As attack surfaces continue to broaden, it comes as no surprise that API security incidents are on the rise, with 78% of businesses reporting an issue in 2023, up from 76% the year before, according to the study. Organizations that collect more personally identifiable information (PII) from their customers, including financial services firms, retail and e-commerce companies, and healthcare organizations, were hit especially hard, the data shows.
Deep pockets don't seem to change a company's fate against sophisticated hackers either, as companies with robust cybersecurity programs, including X (formerly Twitter) and Dropbox, have all fallen victim to major API breaches over the past few years. These incidents often have a major impact on customer satisfaction and ultimately, a company's bottom line.
Ensuring data security is an important, albeit overwhelming task, so it's important to identify an API champion's responsibilities.
What Exactly Does an API Security Champion Do?
To safeguard a company's data, an API security champion must have a clear understanding of how APIs are being used and where. They should also:
1. Make sure APIs are secure before they're deployed
The vast majority of API defects — more than 85% — are created in development, usually during the initial coding phase, the study found. Remediating a problem before it's shipped is easier and more cost effective, so it's critical to ensure APIs are secure from the start.
2. Test APIs continuously
Regular testing will be critical for eliminating vulnerabilities, especially as attack surfaces continue to broaden. Fortunately, modern tools have emerged that make testing APIs fast, efficient, and scalable without putting more stress on developers.
3. Gain visibility into their company's API footprint
The majority of respondents in the study reported a lack of visibility into their API footprint. While 72% of US businesses surveyed said they have a full inventory of APIs, just 40% knew which ones returned sensitive data. In addition, 26% claimed to have a partial list, but of those, only 24% said they knew which ones to prioritize. Without that information, it becomes impossible to accurately assess risk and exposure levels.
The most effective way to change this is by leveraging tools that create a working catalog of a business' APIs. Knowing where sensitive data is traversing APIs has the added benefit of helping organizations stay compliant with regulations like Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR), and Health Insurance Portability and Accountability Act (HIPAA).
Developers have a complicated job, and API security breaches only make it tougher. By investing in protecting API security from the start, teams can more effectively secure their attack surfaces, protect data, and get back to the work that really matters: core development.
Industry News
June 24, 2025
Snyk announced the acquisition of Invariant Labs, an AI security research firm and early pioneer in developing safeguards against emerging AI threats.
June 24, 2025
ActiveState expanded support of secure open source to include free and customized low-to-no vulnerability containers that facilitate modern software development.
June 24, 2025
Pythagora launched an all-in-one AI development platform that enables users to build and deploy full-stack applications from a single prompt.
June 24, 2025
Cloudflare announced that Containers is in public beta.
June 23, 2025
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Agent2Agent (A2A) project, an open protocol created by Google for secure agent-to-agent communication and collaboration.
June 23, 2025
Salesforce announced Agentforce 3: a major upgrade to its digital labor platform that gives companies the visibility and control to scale AI agents without compromise.
June 23, 2025
Wix.com Ltd. announced its acquisition of Base44, an AI-powered platform that enables anyone to create fully-functional, custom software solutions and applications using natural language, without the need for traditional coding.
June 18, 2025
Code Platoon, a nonprofit coding bootcamp for Veterans, active duty Servicemembers, and military families, is proud to announce the launch of its newly revamped AI Cloud and DevOps Engineering program.
June 18, 2025
Salt Security announced the launch of Salt Cloud Connect for AWS, an API security solution to deliver full API visibility and posture governance without the need for traffic data or agents.
June 18, 2025
CoreWeave announced the launch of three new AI cloud software products and capabilities to help customers develop, deploy, and iterate AI faster.
June 18, 2025
BrowserStack announced support for Playwright tests on real iOS devices with Safari.
June 18, 2025
JFrog announced a partnership with TL Consulting, an Australian-based professional services organization specializing in cloud-native, GitHub and Microsoft DevSecOps implementations.
June 17, 2025
Kusari unveiled Kusari Inspector, an artificial intelligence (AI)-based pull request security tool that brings cutting-edge security risk analysis directly into developers’ daily workflows.
June 17, 2025
Secure Code Warrior announced the availability of AI Security Rules on GitHub – a free resource to help developers generate more secure code when working with AI coding tools like GitHub Copilot, Cline, Roo, Cursor, Aider and Windsurf.
