API Security: Best Practices for FIs and Fintech and Insurtech Companies

API security awareness has not been an area of emphasis in the application developer community.

Boston, August 5, 2020 – API hacking does not require the advanced capabilities of a nation-state; even relatively inexperienced attackers can use basic tools to discover and exploit API traffic to perform credential stuffing attacks, exfiltrate databases, change account values, or conduct denial of service attacks on critical applications. This report identifies seven core competencies essential to security API development, deployment, and management, and provides recommendations for FIs, fintech companies, and insurtech companies to improve their API security methods.

Aite Group conducted teleconference interviews with 53 application developers and security professionals representing 31 FIs and fintech and insurtech companies in North America, Europe, and India between mid-May and mid-July 2020. Interviews focused on current practices related to creating, testing, publishing, and maintaining internal and external APIs. This report also examines specific security training practices for developers and company processes associated with reporting API security issues.

This 23-page Impact Report contains 14 figures and four tables. Clients of Aite Group’s Cybersecurity service can download this report, the corresponding charts, and the Executive Impact Deck.

This report mentions the API Academy, the Open Web Application Security Project (OWASP), and Smartbear.

Related Content

Get Summary Report

"*" indicates required fields

This field is for validation purposes and should be left unchanged.