The front lines of information security risk management evolve in parallel with the dominant technologies in common use. The emergence of the web brought web-based threats and resulting countermeasures. The rise of SQL databases brought SQL injection and its mitigations. Now, we have the increasing usage and business importance of application programming interfaces (APIs), which are vital the development of mobile applications and the digital enterprise in general. APIs, like all technologies, have security vulnerabilities. In fact, the very openness that makes them so useful in expanding the enterprise into the digital realm can itself be an avenue of risk exposure.

API security risks are also potentially worse, in business impact terms, than earlier generations of information security risk. API security, like APIs themselves, is still early in the industry adoption cycle. The Global State of API Security survey results discussed in this report bear this out, showing a wide range of responses to concerns about security and a diversity of security practices.