2022 Year-End API ThreatStats Report
Aug 1, 2023
This 2022 recap report looks back at the deteriorating API threat landscape, the most prevalent types of threat vectors, the most vulnerable types of APIs, and much more, to give API security and DevOps teams the data-driven insights they need to improve API security in 2023.
One of the main takeaways is that the API threat landscape is becoming ever more dangerous. We make this assessment based on the 2022 data, and specifically these four trends:
- Attack Growth. In 2022 we saw a huge increase in attacks against our customers’ APIs, which ballooned +197% from H1 to H2. Extrapolate beyond our customers, and it’s understandable that we’re reading about more and more API-related breaches.
- CVE Growth. In 2022 we saw a big increase in API-related CVEs, growing +78% from H1 to H2. And while this growth has stabilized a bit over the past two (2) quarters, we do not see it getting any better in 2023.
- Worsening Time-to-Exploit. Since Q2-2022, when we started tracking this metric, we’ve seen a continued decline in the average time between a CVE being published and a related exploit POC being published – from about 58 days (Q2) to about four (4) days (Q3) to negative three (-3) days in Q4. Not only that, but the average zero-day exploit found in Q4 was released more than two months before the CVE was published.
The full report delves into these and several other areas in much greater detail. We also invite you to listen to our 2022 Year-End API ThreatStats™ webinar on demand, in which Ivan goes into greater detail on some of the most impactful API vulnerabilities seen in 2022.