RSAC Fireside Chat: Attackers are exploiting gaps in business logic created by proliferation of APIs

APIs have become foundational to digital business operations, serving as the behind-the-scenes glue that connects apps, platforms and partners.

But this growing reliance has opened a new front in cybersecurity—one where attackers are quietly exploiting weaknesses buried deep in business logic.

In this RSAC Fireside Chat, I spoke with Jamison Utter, Security Evangelist at A10 Networks, who underscored how the expanding API ecosystem has far outpaced the security measures traditionally used to safeguard it. For a full drill down, please give the accompanying podcast a listen.

Utter emphasized that while cloud providers like AWS, Azure, and Google Cloud Platform offer basic protections—such as network-layer DDoS mitigation and rudimentary load balancing—these tools aren’t designed to address the advanced attacks now targeting application logic and API flows.

He also pointed out that these built-in security features are often marketed as “free,” but in practice, they frequently come with usage-based costs, such as charges per click, per transaction, or per request.

The bigger issue, he noted, is that these tools offer only limited, outdated defenses—leaving organizations exposed to a new breed of threats, from bot-driven inventory denial to logic-layer DDoS attacks that exploit legitimate HTTP or API behavior.

To address these challenges, A10 advocates for a consolidated Web Application and API Protection (WAAP) approach. Their platform combines DDoS defense, API discovery and enforcement, bot mitigation, and business logic protection into one streamlined interface.

Utter calls on CISOs to adopt a forward-looking posture built around three core principles: modernize protections in step with evolving threats, consolidate fragmented toolsets, and simplify operations for agility and efficiency.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

The post RSAC Fireside Chat: Attackers are exploiting gaps in business logic created by proliferation of APIs first appeared on The Last Watchdog.
