Latest research illustrates API risks remain high with 57% of all Q3 API vulnerabilities rated high to critical.
Wallarm, the end-to-end API security company, released its Q3 API ThreatStats Report, which provides deep analysis into all published API vulnerabilities and exploits for the quarter. The Wallarm research team dissected the data from a variety of perspectives, including software type, vendor, CVSS scores, CWEs and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). The team also examined publicly disclosed exploit POCs to determine where the risk lies.
“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, are talking about API Security this year. However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly”
The initial analysis indicated that API vulnerabilities and the impacted vendors were leveling off from the significant increase reported in the Q2 API Vulnerability Report, with minimal to no change. Vulnerabilities and vendors impacted experienced a 16% increase, while high to critical rated vulnerabilities remained steady at 57% total.
Latest ITechnology News: Verizon Launches New Tech to Monitor Activity on Home WiFi
However, deeper analysis revealed three key findings, which may have costly implications on an organization’s API security program:
- Infrastructure. A vast majority of the most impactful vulnerabilities analyzed in Q3 impacted DevOps tools and infrastructure, resulting in a shift of an organization’s security focus.
- Injections. While the OWASP Top-10 Injection categories (A03:2021 for web apps and API8:2019 for APIs) top the charts at over 33% of all CVEs analyzed, further inspection reveals many, many variations, which will require extra effort to remediate.
- Exploits. A surprising finding was that the average gap between CVE and exploit POC publication was zero days, which greatly impacts a mitigation timeline.
“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, are talking about API Security this year. However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly,” said Ivan Novikov, CEO & co-founder of Wallarm. “Wallarm has been committed to tracking and analyzing API vulnerabilities and exploits, and sharing this with the community via our API ThreatStats reports. This Q3-2022 report is the third in a row, and we clearly see a chilling trend in the number, severity and focus of API vulnerabilities and exploits. No joke: the top 10 API issues we’re seeing affect core DevOps and PaaS products, such as Kubernetes, Rancher, GitLab, HashiCorp, and several others.”
Latest ITechnology News: The Ocient Hyperscale Data Warehouse Is Now Generally Available in AWS Marketplace
[To share your insights with us, please write to email@example.com]