This is what a recent mini survey among Asia Pacific developers and IT administrators suggests as a prescription for responsible AI.
In an H1 2024 survey of 297 professionals* from across 11 markets on the topic of application programming interface (API) security, several findings were distilled from the data.
First, one in five respondents said their organization has adopted AI/ML technologies to detect and mitigate sophisticated threats such as server-side request forgery (SSRF), along with API gateways for strong access control and to mitigate a broad spectrum of vulnerabilities, such as unrestricted access to sensitive business flows.
Second, while respondents in the region looked to protect APIs during runtime, many also recognized the importance of guarding APIs right from development, with 18% citing compliance with standards and practices as a fundamental strategy to guard against a broad range of complex vulnerabilities, from Broken Object Level Authorization (BOLA) and security misconfiguration issues to SSRF.
Other findings
Third, according to the survey data, respondents from APAC face unique API security challenges compared to the rest of the world, with OWASP ranking indicating a prevalence of the abovementioned security concerns. This could be attributed to the wide use of REST/RPC technologies, high use of internal APIs, and diverse deployments across the region. Also:
- Respondents ranked security testing and access control as top priorities in the API security lifecycle to mitigate risks associated with unauthorized access and ensure robust API security before deployment. They indicated a balanced approach towards runtime protection and discovery, with posture management ranking lowest in priority.
- Diverse testing strategies were ranked: traditional methods like Static Application Security Testing (54%) and Dynamic Application Security Testing (51%), along with emerging strategies such as Active API Security Testing (51%), were the most popular.
- 59% of respondents cited heightened concern over potential risks from external entities. Other priorities cited included “compliance with established standards” (54%) and secure app-to-app interactions (49%).
- 53% of respondents indicated a strong focus on protecting data against leakage and tampering in API runtime protection, followed by 28% citing “maintaining data integrity” and “protecting sensitive information through detection and masking techniques” (23%).
- 63% of respondents were most concerned with identifying APIs that could expose sensitive data or vulnerabilities, followed by 56% indicating a focus on understanding API usage patterns to detect unusual patterns that could indicate breaches or misuse. Some 42% indicated other concerns such as zombie APIs and shadow APIs (39%).
According to Mohan Veloo, Chief Technology Officer (Asia Pacific, China and Japan), F5, the firm that commissioned the survey: “Applications have become the front door to cybercrime, and cybercriminals increasingly use APIs as the key…. (for) more attacks, with increasing speed, scale and sophistication (via) leveraging AI-powered tools.”
*working in security, DevOps, SecOps, and application development across Australia (20), China (51), India (30), Indonesia (28), Japan (23), Korea (19), Malaysia (25), New Zealand (19), Singapore (39), Taiwan (22), and Thailand (21)