Shadow APIs, which are outdated, undocumented web services endpoints not actively managed, pose significant risks. Recognizing these APIs, either documenting or decommissioning them, is crucial to enhance API security. With the increased use of APIs, organizations face a larger attack surface, with 29% of web attacks targeting APIs in 2023, exposing them to various threats such as SQL injections, cross-site scripting, and session hijacking
To address these challenges, organizations must prioritize discovering and managing shadow APIs, along with correcting implementation weaknesses and actively mitigating runtime threats. ```https://www.darkreading.com/application-security/shadow-apis-an-overlooked-cyber-risk-for-orgs