Join us at San Diego API Security Summit 2024!
Join us at San Diego API Security Summit 2024!
Join us at San Diego API Security Summit 2024!
Join us at San Diego API Security Summit 2024!
Join us at San Diego API Security Summit 2024!
Join us at San Diego API Security Summit 2024!

Wallarm Q2 Report Reveals Sharp Rise in API Vulnerabilities & Exploits

July 28, 2022

Compared to Q1, API vulnerabilities rose +268%; impacted more vendors +270% and grew in criticality rating +90%

San Francisco, California Jul 28, 2022 (Issuewire.com)  - APIs are at greater risk today than they were even one quarter ago, according to a new report from Wallarm, a leading API Security vendor. As will be discussed in the upcoming webinar on August 8th, the Q2 2022 API Vulnerability and Exploit Report found that API vulnerabilities were more prevalent (+268%), farther-reaching (+270%), and increasingly critical (90%), which further escalates the risk to today’s API portfolios and the need for API security.

In Q2, Wallarm collected and analyzed 184 API vulnerabilities (an average of 2 per day) compared to just 50 last quarter. Overall, these vulnerabilities impact 111 different vendors (up from 30 in Q1) and 53 percent of them are rated critical or high compared to 28 percent which received that rating in Q1. More than one-third of the vulnerabilities are almost immediately exploited.

Gartner predicts that in 2022, API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications. Midway through the year, this forecast is proving true.

“As the API market continues its high growth trajectory, so too does the risk associated with them,” says Ivan Novikov, CEO, and co-founder of Wallarm. “Expanding vulnerability management efforts to include APIs requires visibility across the entire API portfolio, assessment and triage of vulnerabilities as they arise, and ensuring mitigations are implemented both in code and at run-time.”

Some of the highlights which will be in the final Q2 API vulnerability report include:

  • API threats grew 3.7x QoQ and already hit the 2 new exploits a day threshold.
  • Critical and High-risk API vulnerabilities have increased dramatically, to 53% of the total.
  • Injections (OWASP A03 / API8) are now the highest risk for APIs, ahead of BOLA by all metrics (number of discovered issues, exploitability and severity).
  • 33% of the reported API vulnerabilities are almost immediately exploited, with PoCs published within a median of 2-½ weeks.

Wallarm continually collects and analyzes published API vulnerabilities and exploits. Researchers dissect the data to look for trends and insights from a variety of perspectives, including software type, vendor, CVSS scores, CWEs, and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). Publicly disclosed exploit POCs are also reviewed to understand if and when the threat has moved from theoretical to actual.

Learn more about the Q2-2022 API Vulnerability Report and download the infographic in this blog post.

Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.

Product TourGet a demo