API vulnerabilities increased 3.7x in Q2-2022


Since early 2022, Wallarm’s Security Research team has been analyzing API vulnerabilities and exploits and publishing quarterly reports. The Q1 Report received a lot of attention and positive feedback from the cybersecurity community, along with some valuable ideas and suggestions.

We’ve included many of them in the Q2 API Vulnerabilities and Exploits report, which will be discussed in our next webinar on August 8.

Register now to reserve your spot!

API Vulnerabilities Report

While you wait for the webinar and the full report, we’ll shed some light on some of the most interesting findings in this blog post.

We began this effort to validate Gartner’s API security predictions: “By 2022, API abuse will grow from an infrequent attack vector to the most frequent attack vector, resulting in breaches of data for enterprise web applications”. [1]

Now that we are halfway through the year, the question is: is this proven by the facts on the ground? Is the threat real?

Wallarm’s Security Research team continuously reviews and analyzes new API vulnerabilities and exploits in real time to align our API security products with modern API cyber threats. As part of this exploit monitoring work, we dissect data to look for trends and insights from various angles, including software type, vendor, CVSS scores, CWEs, and both. OWASP Top 10 (2021) for web applications and Top 10 OWASP API Security (2019). We also dig deep into publicly disclosed exploits and PoCs to extract payloads and validate if threats have progressed from theoretical risk to real risk.

Main findings

Some of the highlights that will feature in the final Q2 API vulnerability report include:

  • Injections (OWASP A03 / API8) are now the highest risk for APIs, ahead of BOLA on all metrics (number of issues discovered, exploitability, and severity).
  • API threats have increased 3.7x from the previous quarter and have already reached the threshold of 2 new exploits per day, and the number of critical and high-risk API vulnerabilities has increased significantly, suggesting increased vigilance is needed.
  • 33% of reported API vulnerabilities are exploited almost immediately, with PoCs released within a median of 2.5 weeks.
  • Major cybersecurity, enterprise, and DevOps products have been impacted by API security issues, including the following 5 most significant:

Infographics

For more highlights from the final report, check out our Q2 2022 API Vulnerabilities and Exploits infographic. We think you’ll find it informative and will help you improve your API vulnerability management and your security posture.

Download infographic

In-depth webinar

To learn more, we invite you to attend our next webinar on Thursday, August 8. In this interactive live event, Ivan Novikov, CEO and co-founder of Wallarm and renowned security researcher, will dive deep into the latest API vulnerability and exploit data, and discuss the implications for your organizational risk and your cyber defenses.

Register for the live event

Date: Monday, August 8, 2022

Time: 11:00 a.m. PT / 2:00 p.m. ET

Title: API Vulnerability Report Q2: Are APIs Really a Threat?

Speaker: Ivan Novikov, CEO and co-founder of Wallarm

Registration: http://lab.wallarm.com/2022-q2-vulnerability-report-webinar/

Our API security experts will be on hand to answer any questions you have – and all registered participants will receive an advance copy of the final report after the event. We look forward to seeing you there!

In conclusion

Expanding your vulnerability management program to cover APIs will require visibility across your entire API portfolio, assessing and triaging API vulnerabilities as they arise and ensuring implementation of mitigation measures. We believe this effort validates the initial prediction – yes, Gartner was right: API threats are increasing and are even faster than expected. Using the Wallarm API security solution is the best way to uncover your API attack surface and protect your API portfolio against growing threats.

[1] Gartner, Magic Quadrant for Application Security Testing (ID G00733839)

The post API Vulnerabilities Jump Up 3.7x in Q2-2022 appeared first on Wallarm.

*** This is a syndicated blog from Wallarm’s Security Bloggers Network by ferrisbuller. Read the original post at: https://lab.wallarm.com/api-vulnerabilities-jump-up-3-7x-in-q2-2022/

Previous Webinar Thursday, July 28, 2022
Next GTEK: Is going back to tech a good idea (NYSEARCA: GTEK)