Loading...

04 Jul 2026 04:49

Leadership Perspectives Tech & Start Up

App vs. API Security? Bots don’t care. Defend Your Digital Assets- Lori MacVitte, F5 Distinguished Engineer

If you’re confused and can’t decide, that’s okay. That’s the point. App and API endpoints look pretty much the same. That’s because in technical terms if they’re RESTful (and most are) they are invoked in the same way, via HTTPS and usually with a GET method. What’s often different is the payload sent with the request. For APIs that typically contains some data in a JSON or XML format while web app requests may contain, well, nothing.

Still, one of the key findings from F5’s annual State of Application Strategy report implies that organizations treat APIs as different from applications when it comes to security. We infer this based on the finding that 41% of organizations have at least the same or greater number of APIs than they do applications and yet place a lesser value on the same security services that protect them.

You might wonder how organizations would end up with more APIs than apps. Thanks for asking! While APIs used for internal, service-to-service communication (a la microservices) are certainly tightly coupled to the service they support, this is not necessarily true when APIs are used to present external interfaces.

Where do APIs come from?

Consider that in our 2021 research, 61% of respondents told us they were “adding a layer of APIs to enable modern user interfaces” as a method of modernization. In 2022 that number was 45%. What that means is the APIs enabling modern user interfaces are not necessarily artifacts directly attached to applications.

They might be façades that facilitate modern user interfaces and applications, like mobile apps and digital services, or they might be façades designed to enable partner and supply chain communications. These use cases are supported by API Gateways and layer 7 routing in load balancers, which often provide some level of transformation capabilities that allow them to translate from API endpoint to app endpoint, thus enabling an API façade like those that make old American west buildings appear much more impressive than they are.

And of course, a goodly number of APIs are public-facing entities attached to apps and accessed via the web (typically HTTPS).

Regardless of how they got there, public-facing APIs are subject to many of the same attacks as applications. This is especially true when bots are involved, as APIs with good documentation simply make it easy for attackers to script attacks at scale.

For example, just over 13% of transactions protected by F5 Distributed Cloud Bot Defense in 2023 were automated. That is, a script or software was used instead of a human using a web browser or mobile app. Those transactions occur via both APIs and apps. Some percentage of those automated transactions were certainly “bad bots” that the presence of our security service prevented from doing whatever bad thing they were trying to do. (You can dig deeper into what they were trying to do in this F5 Labs report)

So, when we looked at how respondents perceive bot management based on their self-reported number of APIs, we were somewhat shocked to discover that bot management is pretty low on the importance scale.

While the importance placed on API Gateways appears to be appropriate to the number of APIs under management, the same is not true for bot management. In fact, it’s completely the opposite! As the number of APIs grows, the importance of bot management appears to decline rapidly.

It could certainly be the case that the bulk of those APIs are internal. That is, they are east-west APIs between microservices that are not exposed to external actors that might be bad bots with malicious intent.

But then again, they might be. Given the number of articles I’ve read in the past year about attackers gaining access via APIs, I’m going to guess there are a lot more external than we think.

So, it’s time to remind folk that while there are a number of annoying bots out there—grinch bots, sneaker bots, etc.—that disrupt business by gobbling up high-demand goods, there are also a significant number of bots whose only purpose it is to sniff out vulnerabilities and attack them. In both APIs and applications.

Thus, it would be a good idea for organizations to employ a full range of security options to protect their APIs and ultimately, their business. Bot management is certainly one of those security options and should be considered a critical component of any security strategy.

At the end of the day, the bots don’t care whether that endpoint belongs to an app or an API. They’re going to attack both.

Which means organizations need to be protecting both apps and APIs by detecting bots and preventing them from doing whatever bad thing they’re trying to do.

(Visited 236 times, 1 visits today)
peri hokiperihokiduta 76AWSBEThttps://sintnicolaasschool.com/https://abc1131aa.com/kincir88cakar76Slot mahjonghttps://www.abc1131.it.com/Gerakan99Era77stc76duta76duta76 loveduta76 careduta76bduta76 sejiwaduta76 lokasiterdekatduta76 africafuelduta76 oscarmykeduta76 naptimepkduta76 daikinduta76 raes-munichduta76 destyduta76 bio-linkduta76 lynkduta76 heylinkduta76 bioduta76 radarkeduWar138navigasi rtp live eksploitasi peluang taktik mahjong wild deluxe analisa dadu sicbo strategi gates of olympusanalisa komprehensif rtp live pola algoritma strategi mahjong ways 2 pgsoft taktik baccarat teknik starlight princessoptimasi presisi analisa strategi blackjack teknik membaca pola mahjong wins 3 taktik peluang rtp live sweet bonanza pragmaticdekonstruksi peluang taktis strategi analisa roulette pemetaan pola mahjong ways 2 pgsoft teknik membaca rtp live wild west goldeksekusi taktis analisa probabilitas strategi komprehensif sv388 teknik membaca peluang blackjack pola mahjong wins 3 pemetaan rtp live sugar rushstrategi rasional baca rtp live analisa pola gates of olympus taktik sicbo teknik mahjong wild deluxe jitutaktik eksekusi presisi sinkronisasi analisa rtp live pola mahjong ways 2 pgsoft teknik baccarat kuantitatif peluang starlight princesseksploitasi algoritma analisa strategi taktis menaklukkan blackjack pemetaan pola mahjong wins 3 teknik rtp live sweet bonanza pragmaticmetodologi optimasi peluang analisa teknik roulette klasik taktik pola mahjong ways 2 pgsoft strategi rtp live wild west goldanalisa matriks peluang sinkronisasi teknik blackjack taktik sv388 strategi pola rtp live mahjong wins 3 sugar rush pragmatichttps://www.thewayofthespirit.com/contact/kalkulasi taktik cerdas strategi peluang sicbo teknik pola mahjong wild deluxe analisa rtp live gates of olympusdekonstruksi varians strategi pola mahjong ways 2 pgsoft analisa peluang baccarat taktik teknik rtp live starlight princesseksekusi silang taktik teknik strategi blackjack analisa pola mahjong wins 3 pragmatic peluang rtp live sweet bonanzaformulasi taktik peluang roulette analisa pola mahjong ways 2 pgsoft teknik jitu strategi rtp live wild bounty hunternavigasi probabilitas analisa pola mahjong wins 3 pragmatic taktik peluang blackjack strategi sv388 teknik rtp live sugar rushalgoritma menang taktik mahjong wild deluxe peluang sicbo analisa pola gates of olympusanalisa rtp live peluang teknik mahjong ways 2 pgsoft baccarat starlight princessbedah peluang rtp live teknik transisi blackjack sweet bonanza mahjong wins 3 pragmaticeksekusi taktis data peluang roulette teknik wild bounty hunter rtp live mahjong ways 2 pgsoftdekonstruksi multi disiplin strategi blackjack peluang sv388 teknik sugar rush pola mahjong wins 3awal kegilaan mahjong wins scatterledakan tempo baru mahjong waysmahjong ways memanas scattter wildmahjong wins berputar berkat kemunculanmahjong wins scatter hitam munculmomentum scatter wild ritme mahjongperubahan arah ritme mahjong waysperubahan drastis mahjong scatter wildportal scatter wild terbuka mahjongscatter hitam datang permainan mahjongscatter hitam pemicu chaos putaranscatter wild alur mahjong cepatscatter wild tempo mahjong agresifsekali muncul scatter wild taktanpa scatter jadi kunci drastise5 pendekatan berbasis data rtpe5 pendekatan sistematis dalam memahamie5 pendekatan sistematis terhadap polae5 peran scatter wild dalame5 perhatikan baik formasi pembukae5 pola bermain modern berawale5 pola pembuka yang seringe5 rahasia pemain lama polae5 rahasia strategi modern berawale5 rtp harian dan evolusisinergi strategi analisa taktik peluang paten rtp live mahjong wild deluxe gates of olympus dadu sicbohibrida strategi analisa probabilitas peluang pola rtp live mahjong ways 2 pgsoft teknik baccarat taktik starlight princessarsitektur kemenangan strategi analisa pola teknik peluang taktik rtp live mahjong wins 3 pragmatic sweet bonanza blackjackdekonstruksi pasti algoritma probabilitas teknik pola rtp live analisa strategi taktik peluang mahjong ways 2 pgsoft roulette wild west goldkuadran eksekusi taktis analisa peluang strategi teknik pola rtp live sv388 blackjack sugar rush mahjong wins 3 pragmaticdekonstruksi peluang unik analisa pola strategi mahjong wild deluxe sicbo gates of olympuskonvergensi teknik taktik strategi peluang asik analisa pola rtp live baccarat mahjong ways 2 pgsoft starlight princessalgoritma ilmu peluang kalibrasi strategi analisa pola taktik teknik rtp live sweet bonanza blackjack mahjong wins 3 pragmaticmanajemen risiko rasionalisasi peluang strategi analisa pola taktik teknik rtp live wild west gold roulette pgsoft mahjong ways 2reverse engineering peluang analisa strategi teknik taktik pola rtp live mahjong wins 3 pragmatic sugar rush blackjack sv388masterclass analisa langka pola teknik rtp live gates of olympus dadu sicbo mahjong wild deluxepemetaan akurat pola analisa strategi taktik teknik peluang rtp live starlight princess baccarat mahjong ways 2 pgsoftmetodologi asing analisa peluang integrasi strategi blackjack taktik pola mahjong wins 3 pragmatic teknik rtp live sweet bonanzasinkronisasi momentum asik analisa taktik strategi roulette teknik pola peluang rtp live mahjong ways 2 pgsoft wild west goldpsikologi kemenangan analisa kognitif taktik strategi teknik peluang pola rtp live mahjong wins 3 blackjack sv388 sugar rushe5 rtp harian sebagai acuane5 rtp harian sebagai referensie5 satu pola banyak kejutane5 strategi berbasis data evolusie5 strategi cerdas masa kinie5 strategi masa kini berkembange5 strategi modern yang terciptae5 strategi modern ubah datae5 strategi sistematis berbasis datae5 strategi terkini lahir darie5 studi dinamika scatter dane5 studi fitur scatter wilde5 studi interaksi scatter dane5 studi pola visual scattere5 studi struktur simbol scatter Top