Securing APIs
Securing APIs in a Rapidly Evolving Digital Landscape
Tech Talks with Tim Erlin, Head of Product, and Tim Ebbers, Field CTO at Wallarm:
API Discovery and Risk Assessment: Generate a comprehensive inventory of your APIs, including Shadow and Zombie APIs, identify sensitive data exposure, and evaluate the associated risks.
API Threat Mitigation: See how you stand against the OWASP API Security Top 10. Defend both public-facing and internal APIs and applications from potential hazards.
API Abuse Prevention: Thwart Account Takeover (ATO) attacks, minimize risks stemming from API misuse, and leverage advanced API rate limiting.
2023-Oct-05
API attack analysis for 2022
Researchers came to this conclusion based on the 2022 data, specifically these three trends:
Attack growth
In 2022 there was a huge increase in attacks against Wallarm’s customers’ APIs, which ballooned by over 197% from H1 to H2. As API-related breaches influence today’s headlines, it’s clear that this trend extends beyond Wallarm customers and will continue to grow in 2023.
CVE growth
In 2022 there was a significant increase in API-related CVEs, which grew 78% from H1 to H2. Although growth has stabilized over the past two quarters, the research team expects an increase in 2023.
Worsening time-to-exploit
Since it began tracking this metric in Q2 2022, the research team has seen a continued decline in the average time between when a CVE is published and when the related exploit POC is published – from 58 days (Q2) to four (4) days (Q3) to negative three (-3) days (Q4).
Additionally, the average zero-day exploit found in Q4 was released more than two months before the CVE was published.