Securing APIs

Securing APIs in a Rapidly Evolving Digital Landscape

Tech Talks with Tim Erlin, Head of product, and Tim Ebbers, Field CTO at Wallarm:

API Discovery and Risk Assessment: Generate a comprehensive inventory of your APIs including Shadow and Zombie APIs, identify sensitive data exposure, and evaluate associated risks
API Threat Mitigation: See how you stand against OWASP API Security Top-10. Defend both public-facing and internal APIs and applications from potential hazards
API Abuse Prevention: Thwart Account Takeover (ATO) attacks and minimize risks stemming from API misuse and leverage advanced API rate limiting.

2023-Oct-05

API attack analysis for 2022

Researchers came to this conclusion based on the 2022 data, specifically these three trends:

Attack growth

In 2022 there was a huge increase in attacks against Wallarm’s customers’ APIs, which ballooned over 197% from H1 to H2. As API-related breaches influence today’s headlines, it’s clear that this trend is extrapolating beyond Wallarm customers and will continue to grow in 2023.

CVE growth

In 2022 there was a significant increase in API-related CVEs, growing +78% from H1 to H2. Although growth has stabilized over the past two quarters, the research team expects an increase in 2023.

Worsening time-to-exploit

Since tracking this metric in Q2 2022, the research team has seen a continued decline in the average time between when a CVE is published and when the related exploit POC is published – from 58 days (Q2) to four (4) days (Q3) to negative three (-3) days (Q4).

Additionally, the average zero-day exploit found in Q4 was released more than two months before the CVE was published.