July 09, 2025

apidays Munich 2025 - Effectively incorporating API Security into the overall security workflow, Josh Goldfarb (F5)

Effectively incorporating API Security into the overall security workflow
Josh Goldfarb, Field Chief Information Security Officer at F5

apidays Munich 2025 - Accelerate AI Use Cases with APIs
July 2 & 3, 2025

Transcript

  1. Agenda

    • Complexity is the enemy of security
    • Effectively incorporating API Security into the overall security workflow
    • Key takeaways
  2. Exploit scanning increased 91% in 2024

    [Chart: monthly axis, Mar through Mar; series labelled CVE-2017-9841, CVE-2020-11625, CVE-2022-24847, CVE-2023-1389, CVE-2024-3721]

    Year    CVEs
    2024    40,077
    2023    28,961
    2022    25,059
    2021    20,161
    2020    18,375
    2019    17,308
    2018    16,512
    2017    14,645
    2016    6,457

    Source: F5 Labs Evolving CVE Landscape report and ongoing research
  3. AI is increasing in bot activity

    • 5% of all traffic is from advanced persistent bots
    • 50% of page content requests are from GenAI
    • 10% of web logins were credential stuffing attacks
    • 50M+ residential proxy IPs across 70+ countries

    Source: F5 Labs
  4. 115% increase in API breaches since 2024

    • 68% caused by broken authorisation
    • 50% caused by broken authentication
    • 8% caused by misconfiguration
    • 69% of API breaches were in the technology sector

    Source: F5 Labs
  5. The growth in API use and accelerating pace of change makes it hard for security teams to keep up

    APIs represent an expanding attack surface, as new APIs and updates are being released all the time, and security is getting left behind.

    46% of respondents stated it takes a week or less to conceive, implement, test and deliver an API to a production environment.

    Q: How long does it typically take to conceive, implement, test and deliver an API to a production environment?

    Source: Postman state of API Report – 2023
  6. APIs create substantial security exposure for all organizations

    Unmonitored and unprotected APIs can expose an organization to…
    • Unauthorized Access
    • Data Exfiltration
    • Denial of Service Attacks
    • Business Logic Exploitation
    • Injection Attacks

    These threats can lead to…
    • Exposure of sensitive information
    • Penalties for noncompliance
    • Brand reputation damage
    • Service outages & revenue loss
    • Intellectual property theft

    API Security Top 10
  7. Key Takeaways

    • Complexity is the enemy of security
    • Be strategic and methodical
    • Cover all aspects of the security workflow
    • Iterate and incorporate lessons learned