Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Introducing Credential Stuffing Detection
Close
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Wallarm 2022 Year-End API ThreatStats™ Report Provides Important Insights for 2023 API Security

March 7, 2023

API attacks jump over 197% in 2022, while API-related vulnerabilities grew more than 78% and average time-to-exploit worsens.

SAN FRANCISCO--(BUSINESS WIRE)--Wallarm, the end-to-end API security company, today released its 2022 Year-End API ThreatStats™ Report, providing in-depth analysis into published API vulnerabilities, exploits, and attack data for the year.

After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous. The Wallarm Research Team came to this conclusion based on the 2022 data, and specifically these three trends:

  • Attack Growth. In 2022 there was a huge increase in attacks against Wallarm’s customers’ APIs, which ballooned over 197% from H1 to H2. As API-related breaches influence today’s headlines, it’s clear that this trend is extrapolating beyond Wallarm customers and will continue to grow in 2023.
  • CVE Growth. In 2022 there was a significant increase in API-related CVEs, growing +78% from H1 to H2. Although growth has stabilized over the past two quarters, the research team expects an increase in 2023.
  • Worsening Time-to-Exploit. Since tracking this metric in Q2 2022, the research team has seen a continued decline in the average time between when a CVE is published and when the related exploit POC is published – from 58 days (Q2) to four (4) days (Q3) to negative three (-3) days (Q4). Additionally, the average zero-day exploit found in Q4 was released more than two months before the CVE was published.

“It's obvious from recent news about mega breaches involving APIs, such as Optus and T-Mobile, that the API threat landscape is becoming more dangerous,” said Ivan Novikov, CEO and co-founder of Wallarm. “In this report, our research team provides API security practitioners and executives with data-driven insights into how to improve their API security posture in 2023. Briefly, we found that API threats tripled in 2022 with exploits available before we even know about the vulnerability, that the current OWASP API Security Top-10 list does not accurately reflect reality where Injections are the primary attack vector, and that open-source software, especially DevOps and cloud-native tools used to build new companies and technologies, is a growing target. Overall, the traditional approaches to protecting your APIs need to adapt to these new realities.”

Based on the research, the research team has concluded that API portfolios will be at greater risk in 2023 as organizations struggle to improve API security, both during the development cycle and in production. The full report also examines the most prevalent types of threat vectors, the most vulnerable types of APIs, and much more. API security and DevOps teams can leverage these data-driven insights to update their remediation policies for 2023.

Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.