Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Wallarm Q2 Report Reveals Sharp Rise in API Vulnerabilities & Exploits

July 28, 2022

Compared to Q1, API vulnerabilities rose +268%; impacted more vendors +270% and grew in criticality rating +90%

San Francisco, California Jul 28, 2022 (  - APIs are at greater risk today than they were even one quarter ago, according to a new report from Wallarm, a leading API Security vendor. As will be discussed in the upcoming webinar on August 8th, the Q2 2022 API Vulnerability and Exploit Report found that API vulnerabilities were more prevalent (+268%), farther-reaching (+270%), and increasingly critical (90%), which further escalates the risk to today’s API portfolios and the need for API security.

In Q2, Wallarm collected and analyzed 184 API vulnerabilities (an average of 2 per day) compared to just 50 last quarter. Overall, these vulnerabilities impact 111 different vendors (up from 30 in Q1) and 53 percent of them are rated critical or high compared to 28 percent which received that rating in Q1. More than one-third of the vulnerabilities are almost immediately exploited.

Gartner predicts that in 2022, API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications. Midway through the year, this forecast is proving true.

“As the API market continues its high growth trajectory, so too does the risk associated with them,” says Ivan Novikov, CEO, and co-founder of Wallarm. “Expanding vulnerability management efforts to include APIs requires visibility across the entire API portfolio, assessment and triage of vulnerabilities as they arise, and ensuring mitigations are implemented both in code and at run-time.”

Some of the highlights which will be in the final Q2 API vulnerability report include:

  • API threats grew 3.7x QoQ and already hit the 2 new exploits a day threshold.
  • Critical and High-risk API vulnerabilities have increased dramatically, to 53% of the total.
  • Injections (OWASP A03 / API8) are now the highest risk for APIs, ahead of BOLA by all metrics (number of discovered issues, exploitability and severity).
  • 33% of the reported API vulnerabilities are almost immediately exploited, with PoCs published within a median of 2-½ weeks.

Wallarm continually collects and analyzes published API vulnerabilities and exploits. Researchers dissect the data to look for trends and insights from a variety of perspectives, including software type, vendor, CVSS scores, CWEs, and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). Publicly disclosed exploit POCs are also reviewed to understand if and when the threat has moved from theoretical to actual.

Learn more about the Q2-2022 API Vulnerability Report and download the infographic in this blog post.

Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.