The proliferation of software applications is accelerating due to the use of APIs, which have become the technological vascular system (so to speak) of nearly every application and online service. From mobile apps to backend servers, and from one online service to another, huge amounts of users’ interactions and data are traversing API-enabled applications. However, this rapid expansion has created a substantial attack surface that isn’t widely understood.
To spread awareness around API risks and encourage secure coding practices among developers who use APIs, Erez Yalon, Checkmarx’s Director of Security Research, has taken a proactive approach to addressing this topic. His expertise and thought leadership have been instrumental in driving change in how the industry thinks about API security, earning him speaking slots at prestigious conferences such as RSA Conference and OWASP Global AppSec this year, as well as his most recent accomplishment, being named API:World’s 2020 Innovator of the Year in its annual API Awards!
Announced this week, the API Awards celebrate the incredible technical innovation, adoption, and reception in the API & microservices industries and their use by a global developer community. The awards received hundreds of nominations, making this extremely competitive and all the more worth celebrating.
While Erez’s API achievements over the past year have all been nothing short of outstanding, his work in spearheading and recently launching the OWASP API Security Top 10 list, alongside Inon Shkedy and key contributor Paulo A. Silva, is the biggest shining example of his determination to raise API security awareness, and a key reason why he was selected for this award. The project summarizes the most critical API risks, accompanied by example attack scenarios and mitigation techniques.
Joining Erez in constructing the Top 10 list were a large number of contributors who exemplify the value of open source projects and the tremendous benefit they bring to the community. The list of project contributors is below and Erez would like to thank each one for their contribution.
In less than a year, the project has become the industry standard for the most egregious API security risks that are often overlooked by software developers, and today, the list is considered the gold standard resource for building API security awareness, developer education, and application security testing policy—even being referenced in research reports by Gartner. Additionally, OWASP graduated the project from Incubator stage to Lab stage in April 2020 – less than 6 months after the project’s finalization – a true accomplishment.
“Today’s cloud-based SaaS software and hardware increasingly is powered by an open ecosystem of API-centric architecture, and each winner here of a 2020 API Award is evidence of their leading role in the growth of the API Economy,” said Jonathan Pasky, Executive Producer & Co-Founder of DevNetwork, producer of API World & the 2020 API Awards.
According to Erez, “Receiving the ‘Innovator of the Year’ award, as part of The 2020 API Awards by API World, is very exciting both personally and professionally. It emphasizes our foresight into application security and its challenges. It was truly a team effort.”
Erez continues to spread awareness about the API Security project and API issues more broadly through his research efforts at Checkmarx, where his team’s work has led to the discovery of serious API vulnerabilities in prominent devices and online platforms. In nearly every investigation Erez’s team performs, API security issues can easily be found. In all cases, Erez and team worked closely with the vendors to patch the issues and ensure end user security.
Please join us in congratulating Erez, who deserves a round of API-lause.