January 18, 2024
Annual report analyzed 1.2 billion attacks, more than 22,000 vulnerabilities and over 146 bug bounty reports to predict 2024 API security trends.
SAN FRANCISCO – Jan. 18, 2024 – Wallarm, the leading end-to-end API and app security company, today announced the release of its Annual API ThreatStats™2024 Report. The annual report discloses the year's progress in identifying, understanding and combating API security threats, from the top exploited API vulnerabilities to emerging risks beyond the OWASP API Top 10. Wallarm executives will present top findings from the report during a webinar on Jan. 24 at 10 a.m. PT/1 p.m. ET.
Wallarm, which was recently named a leader in the GigaOm Radar report for API Security, exposed a rising trend in API security threats in the report, noting a noticeable increase in both the number and severity of API attacks and vulnerabilities. There was a 30% increase in API-related Common Vulnerabilities and Exposures (CVEs) and security bulletins in 2023 compared to 2022. Additionally, malicious requests involving APIs that Wallarm blocked rose significantly from 54% in 2022 to 70% in 2023.
These attacks aren’t going unnoticed by the public. Half of the top 20 most mentioned vulnerabilities in Google Searches are API-related, indicating growing public awareness and concern about API security.
“The growth in malicious API requests and rising public awareness of APIs in 2023 prove that API security is growing increasingly crucial for business leaders and cybersecurity professionals to prioritize in their digital security strategies,” said Ivan Novikov, CEO of Wallarm, which was recognized as one of the CyberTech 100 companies in 2023. “The key trends unearthed and actionable insights provided are a starting point for companies to strengthen their API security programs in 2024. Enterprises must act now, and Wallarm will continue to be at the forefront of the effort to mitigate these attacks.”
Other significant findings include:
Injections and API leaks dominate top API security risks
Injections, which involve malicious data or code being inserted into an API that leads to unauthorized access and data breaches, nabbed the first spot on the “Top 10 API Security Risks for 2023” list.
Although a newer entry on the list, API leaks ranked fourth due to their potential for unrestrained disclosure of sensitive data, often through negligent methods. API leaks are often overlooked, as evidenced by their absence from the OWASP Top 10 threat list.
API security bugs rule the bounty game with 62% of rewards
In 2023, most bug bounties — ethical hackers that test and challenge major companies’ security systems — were for API security: 62% of all bounty payments. Notably, API-related bounties are higher in value compared to other categories. The highest payout for an API bug was $15,000, three times larger than the highest non-API payout of $5,000.
Social media platform Snapchat had the highest bug bounty payout in 2023, signifying more major players see the importance of getting ahead of critical security flaws.
API security predictions for 2024 that demand immediate action
The report highlights several predictions and notes there’ll be an intensified focus on emerging API data leaks as a significant risk in 2024, emphasizing the prevention of sensitive information breaches that include API keys and JWT tokens.
There will also be a shift towards adopting novel metrics for vulnerability triaging and an increased focus on addressing broken access control and authorization (BOLA) issues in API security strategies.
To learn further insights from the Annual API ThreatStats™2024 Report, please register for the webinar.
Wallarm helps you develop fast and stay secure.