Trends in Modern Application Protection

Securing applications has become more difficult than ever. While exploits against known application vulnerabilities remain common, advanced campaigns use bots to amplify denial of service and credential attacks that target web applications as well as the APIs they rely upon. Converged application protection platforms have emerged to address many of these issues, but organizations can struggle with prioritizing the capabilities they require, assessing the different types of tools available, and meeting the diverse needs of a broad set of stakeholders.

In order to gain insight into these trends, ESG surveyed 366 IT, cybersecurity, and application development professionals personally involved with web application protection technology and processes at North American organizations.

Among the key findings:

• While only 15% of organizations support more than 200 public-facing websites and applications today, nearly half (45%) expect to reach this milestone in the next 24 months.
• Within two years, more than half (57%) of organizations believe that most or all of their applications will use APIs.
• More than one- third (37%) cited challenges with inventorying APIs, while 32% cited issues discovering and remediating API misconfigurations.
• 28% of organizations reported API injection attacks, while 23% reported attacks exploiting API misconfigurations.

Use this report to understand what your peers consider their top API and application security challenges and how they are tackling them.