Securing APIs in a Rapidly Evolving Digital Landscape
Tech Talks with Tim Erlin, Head of Product, and Tim Ebbers, Field CTO at Wallarm:
API Discovery and Risk Assessment: Generate a comprehensive inventory of your APIs, including Shadow and Zombie APIs, identify sensitive data exposure, and evaluate associated risks.
API Threat Mitigation: See how you stand against the OWASP API Security Top 10. Defend both public-facing and internal APIs and applications from potential hazards.
API Abuse Prevention: Thwart Account Takeover (ATO) attacks, minimize risks stemming from API misuse, and leverage advanced API rate limiting.
API attack analysis for 2022
Researchers came to this conclusion based on the 2022 data, specifically these three trends:
In 2022 there was a huge increase in attacks against Wallarm’s customers’ APIs, which ballooned by over 197% from H1 to H2. As API-related breaches influence today’s headlines, it’s clear that this trend extends beyond Wallarm customers and will continue to grow in 2023.
In 2022 there was a significant increase in API-related CVEs, which grew 78% from H1 to H2. Although growth has stabilized over the past two quarters, the research team expects an increase in 2023.
Since it began tracking this metric in Q2 2022, the research team has seen a continued decline in the average time between when a CVE is published and when the related exploit PoC is published: from 58 days (Q2) to four (4) days (Q3) to negative three (-3) days (Q4).
Additionally, the average zero-day exploit found in Q4 was released more than two months before the CVE was published.