Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Close
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024

January 18, 2024

Annual report analyzed 1.2 billion attacks, more than 22,000 vulnerabilities and over 146 bug bounty reports to predict 2024 API security trends.

SAN FRANCISCO Jan. 18, 2024Wallarm, the leading end-to-end API and app security company, today announced the release of its Annual API ThreatStats™2024 Report. The annual report discloses the year's progress in identifying, understanding and combating API security threats, from the top exploited API vulnerabilities to emerging risks beyond the OWASP API Top 10. Wallarm executives will present top findings from the report during a webinar on Jan. 24 at 10 a.m. PT/1 p.m. ET. 

Wallarm, which was recently named a leader in the GigaOm Radar report for API Security, exposed a rising trend in API security threats in the report, noting a noticeable increase in both the number and severity of API attacks and vulnerabilities. There was a 30% increase in API-related Common Vulnerabilities and Exposures (CVEs) and security bulletins in 2023 compared to 2022. Additionally, malicious requests involving APIs that Wallarm blocked rose significantly from 54% in 2022 to 70% in 2023.

These attacks aren’t going unnoticed by the public. Half of the top 20 most mentioned vulnerabilities in Google Searches are API-related, indicating growing public awareness and concern about API security.

“The growth in malicious API requests and rising public awareness of APIs in 2023 prove that API security is growing increasingly crucial for business leaders and cybersecurity professionals to prioritize in their digital security strategies,” said Ivan Novikov, CEO of Wallarm, which was recognized as one of the CyberTech 100 companies in 2023. “The key trends unearthed and actionable insights provided are a starting point for companies to strengthen their API security programs in 2024. Enterprises must act now, and Wallarm will continue to be at the forefront of the effort to mitigate these attacks.”

Other significant findings include:

Injections and API leaks dominate top API security risks 

Injections, which involve malicious data or code being inserted into an API that leads to unauthorized access and data breaches, nabbed the first spot on the “Top 10 API Security Risks for 2023” list.

Although a newer entry on the list, API leaks ranked fourth due to their potential for unrestrained disclosure of sensitive data, often through negligent methods. API leaks are often overlooked, as evidenced by their absence from the OWASP Top 10 threat list.

API security bugs rule the bounty game with 62% of rewards 

In 2023, most bug bounties — ethical hackers that test and challenge major companies’ security systems — were for API security: 62% of all bounty payments. Notably, API-related bounties are higher in value compared to other categories. The highest payout for an API bug was $15,000, three times larger than the highest non-API payout of $5,000. 

Social media platform Snapchat had the highest bug bounty payout in 2023, signifying more major players see the importance of getting ahead of critical security flaws. 

API security predictions for 2024 that demand immediate action

The report highlights several predictions and notes there’ll be an intensified focus on emerging API data leaks as a significant risk in 2024, emphasizing the prevention of sensitive information breaches that include API keys and JWT tokens.

There will also be a shift towards adopting novel metrics for vulnerability triaging and an increased focus on addressing broken access control and authorization (BOLA) issues in API security strategies.

To learn further insights from the Annual API ThreatStats™2024 Report, please register for the webinar.  

Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.