Our [**Q2-2023 API ThreatStats™ report**]() is out. It provides API builders, defenders, breakers, and decision-makers with a comprehensive look at the API security vulnerabilities, threats and exploits reported this past quarter. This report provides everyone involved in API development, security and strategy with actionable intelligence to strengthen their API security posture.
[Download the report]() to learn how you may be able to improve your API protections. At a high level, we see the API threat landscape evolving rapidly:
* **Growing: 514% rise** in detected API attacks YoY (Q2-2023 vs. Q2-2022).
* **Shifting: 40% of all web attacks** were API-related in Q2-2023, compared to 18% in Q2-2022.
* **Diversity: 60% rise** in unique API attacks QoQ (Q2-2023 vs. Q1-2023).
* **Complexity: 6X increase** in malicious requests per API attack sequence YoY.
* **Pervasive: impacting** every corner of the digital world, from NVIDIA and Google to Reddit and Samsung Mobile.
Long-time readers will notice we're doing something different this time, with more focus on the most significant issues uncovered. This includes:
* **Follow the Money**. We've expanded our coverage to include, for the first time, analysis of bug bounty rewards.
* **API Security Razzies**. We've homed in on the most impactful vulnerabilities and exploits of the quarter.
## **Follow the Money: API-Related Bug Bounties**
It's no surprise that we see a continued increase in API vulnerabilities and exploits so far this year. This is borne out by the finding that 63% of all HackerOne bug bounty rewards paid so far this year were for API security problems, with a total of $26,490 being paid out in just the last quarter. Since bounty payments typically lag by 2-3 months, we anticipate an even greater surge in these payments for vulnerabilities reported in Q2.
## **API Security Razzies: Most Impactful API Vulns & Exploits**
As always, we've analyzed all published CVEs, security bulletins, and bug bounty reports to bring you the most insightful perspectives on API security. From this analysis, we've selected the most impactful results for Q2-2023 in the following categories:
What's perhaps most interesting in this past quarter's findings is how widespread the impacts of API vulnerabilities are. It's not just public-facing APIs; it's also partner and internal APIs. And it's not just software; it's also firmware and hardware, and even AI infrastructure. The impact is so broad-based that no corner of the enterprise and customer digital world is untouched.
## In-Depth Webinar
To learn more, we invite you to attend our upcoming webinar on Thursday, July 27. In this live interactive event, Ivan Novikov, CEO & co-founder of Wallarm and noted security researcher, will take a deep dive into the latest API vulnerability and exploit data, and discuss the implications for your organizational risk and your cyberdefenses.
**Are You Prepared for Ever-Rising API Attacks?**
_A Deep Dive into the Wallarm Q2-2023 API ThreatStats™ Report_
Thursday, July 27, 2023
11:00 PT / 14:00 ET
## **Final Thought**
A year ago, we cited a 2022 Gartner prediction that API abuses would move to the most frequent attack vector. In that same report, they predicted that by 2023, 90% of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the UI.1
Today, mid-way through 2023, we suggest we're well on the way to confirming this prediction. Indeed, we project that next quarter we will see API attacks exceed the number of non-API web attacks for the first time ever. Forewarned is forearmed.
[Download our latest API ThreatStats™ report]() to learn where and how your APIs may be at risk.
1 Gartner, [**Magic Quadrant for Application Security Testing**]() (ID G00733839)
The post [Q2-2023 API ThreatStats™ Report: API Exploits Are Everywhere: from NVIDIA to Reddit and more!]() appeared first on [Wallarm]().

