Securing Apps and APIs in 2023:
See Wallarm Demo for CISOs and Practitioners!
Wallarm logo
Close
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Reject All
Cookie SettingsCookie Settings
Accept AllSave Selection
Wallarm
>
Resource Library
>
Q3-2022 API ThreatStats™️ full report
Whitepaper

Q3-2022 API ThreatStats™️ full report

In this third quarterly report, the team found 203 API-related vulnerabilities out of a total of 100,093 records examined. Despite the apparent leveling-off, our assessment of the data suggests three key findings which will have significant implications on your API security effort. We will examine these and other findings in this paper.

Key Take-Aways

Initial analysis of this quarter's data show API vulnerabilities leveling off the number of API vulnerabilities and impacted vendors – metrics that saw huge jumps in the past – were basically unchanged during Q3, along with a virtually unchanged CVSS scores (both average and % in the critical or high range). However, upon further investigation we unearthed these key findings:

  1. Injections. While the OWASP Top-10 Injection categories ( for web apps and for APIs) top the charts at over 33% of all CVEs analyzed, further inspection reveals many, many variations that undoubtedly will require extra effort to remediate.
  2. Infrastructure. A vast majority of the most impactful vulnerabilities analyzed in Q3 impacted development tools and infrastructure – which clearly shifts your security focus.
  3. Exploits. A surprising finding was that the average gap between CVE and exploit POC publication was zero days! This will greatly impact your mitigation timeline.

All these findings will have significant implications on your organization's API security program.

What's inside?

panasonic logo
miro logo
rappi logo
semrush logo
tipalti logo
wargaming logo
gannett logo
acronis logo
uz leuven logo
workforce logo
sunquest logo
omio logo
RESOURCES
Ready to protect your APIs?

Sign up for free. Get started in minutes.

Book Demo
wallarm logo 2
Wallarm Security Platform
API Security Platform OverviewAPI Threat PreventionAPI DiscoveryCloud-Native WAAPSecurity TestingIntegrationsDeployment
Solutions by Cloud
AWSGCPAzureKubernetes
Solutions by Industry
API Security for HealthcareAPI Security for FintechAPI Security for RetailAPI Security for Technology
Resources
Resource LibraryWhitepapersDatasheetsCase StudiesWebinarsLearning CenterCloud Native Products 101GlossarySupport
Featured Resources
API Security ChecklistTop Five Challenges in Protecting APIsA CISO's Guide to Cloud Application SecurityWallarm for KubernetesAPI Security Trends. Quarterly Review of API Vulnerabilities
Learn Wallarm
DocumentationAPI specsTerraform Provider
Terms of ServicesPrivacy PolicyCookies PolicySecurity Bug Bounty ProgramSoftware License AgreementService Level Agreement
->
Cookies Settings
2023
©
188 King St. Unit 508,

San Francisco,
CA,
94107
(415) 940-7077request@wallarm.com
AICPA logo