Today’s post for ‘Too Long; Did Read’ is a review of the 2022 API Security Trends Report, written by Dan Kennedy of the 451 Group/S&P for noname Security. Going forward I’ll add a couple more pieces of information to each post: whether it is behind a registration page and how long of a read it is. Alex (@alexanderjaeger) suggested the first, because many of us won’t fill in the fields needed to get to a report behind a regwall. The second I’m adding because the amount of time needed to read a report often influences whether it’s read or not. A 10-page report with one or two redeeming qualities can be easier to read than a 100-page report with buckets full of interesting stuff.

Overall Impression – For its target audience, this paper is one of the best I’ve read this year. It has significant analysis scattered throughout, it uses plots appropriately, and the colors are easy to read, for the most part. You have to keep in mind that this is an analyst’s report, so it’s based on survey data. I generally think of surveys as ‘soft data’ and do not hold this type of information in the same regard as data from logs, alerts, and other data taken directly from sensors. This is definitely a personal bias, but I’ve seen too many surveys done badly over the years.

The intended reader is anyone considering the future of APIs. This includes organizations creating the next wave of products, both engineers and marketing teams. CSOs who want to know their peers’ experience with current technologies will get a lot out of the API Security Trends Report, as will teams looking to better understand API protections before making a purchase. It is not for front-line blue/red teams or other security professionals who want deeply technical knowledge, which is not what we should expect from most analyst reports in the first place. I give this report a solid A.

Reg Wall: Yes – https://nonamesecurity.com/api-security-trends-report

Length / Read time: At 17 pages, this report took me 45 minutes to read and take notes on. A casual read should take 15-30 minutes.
