DevOps teams typically own API security and are trying to figure out how to do security as efficiently as possible while still meeting modern, post-agile development expectations, according to Mark Weiner, F5’s vice president of product marketing. Developers face a lot of pressure to get applications and updates out faster while still maintaining security, Weiner said.
But the increased use of microservice apps and libraries has fueled a dramatic expansion of the attack surface, Weiner said. In client-side attacks, he said, customers end up downloading bad code from a company’s e-commerce website, which can cause significant damage to the company’s brand and credibility.
Like account takeover, client-side attacks pose a huge liability to both a company’s brand and valuation, opening the business up to lawsuits from customers and potentially shutting down a huge portion of the business if the impact of the attack is known, according to Weiner. Account takeover, Weiner said, has gone from primarily bot-based attacks to often having human involvement in the process.