Concerned your API keys and other secrets are out in the open?
Free, no obligation API Leaks Assessment
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

2022 Year-End API ThreatStats™ Report

This 2022 recap report looks back at the deteriorating API threat landscape, the most prevalent types of threat vectors, the most vulnerable types of APIs, and much more to provide API security and DevOps teams the data-driven insights needed to improve API security in 2023.

One of the main take-aways is that the API threat landscape is becoming ever more dangerous. We make this assessment based on the 2022 data, and specifically these four trends:

  • Attack Growth. In 2022 we saw a huge increase in attacks against our customers’ APIs, which ballooned +197% from H1 to H2. Extrapolating to beyond our customers and it’s understandable that we’re reading about more and more API-related breaches.
  • CVE Growth. In 2022 we saw a big increase in API-related CVEs, growing +78% from H1 to H2. And while this growth has stabilized a bit over the past two (2) quarters, we do not see it getting any better in 2023.
  • Worsening Time-to-Exploit. From Q2-2022 when we started tracking this metric, we’ve seen a continued decline in the average time between a CVE being published and a related exploit POC being published – from about 58 days (Q2) to about four (4) days (Q3) to negative three (-3) days in Q4. Not only that, but the average zero-day exploit found in Q4 was released more than two months before the CVE is published.

The full report delves into this and several other areas in much greater detail. We also invite you to listen to our 2022 Year-End API ThreatStats™ webinar on-demand in which Ivan goes into greater detail on some of the most impactful API vulnerabilities seen in 2022.

panasonic logo
miro logo
rappi logo
semrush logo
tipalti logo
wargaming logo
gannett logo
acronis logo
uz leuven logo
workforce logo
sunquest logo
omio logo
Ready to protect your APIs?

Sign up for free. Get started in minutes.