Wallarm's Q3 2022 API ThreatStats Report was released today, detailing API vulnerabilities and exploits for the quarter.
API threats and risks.
Wallarm released its Q3 2022 API ThreatStats Report this morning, giving a look into this quarter’s API vulnerabilities and exploits.
Initial analysis.
On first examination, researchers found that API risks have subsided since last quarter, with metrics showing little-to-no change. Vulnerabilities increased from 184 in Q2 to 203 in Q3, which is a 16% increase. The number of vendors also increased by 16%, from 111 in Q2 to 129 in Q3. Vulnerabilities rated “critical” and “high” held steady at 57%.
Deeper analysis.
Further in-depth analysis by researchers revealed three key takeaways. First, DevOps tools and infrastructure accounted for a majority of the most impactful vulnerabilities this quarter, which researchers say shifts the security focus. Second, OWASP Top-10 Injection categories (A03:2021 for web apps and API8:2019 for APIs) are prominent, but a multitude of variations have been uncovered, which will take extra effort to address. Last, the average gap between CVE and exploit PoC publication was zero days, which has a significant impact on mitigation timelines.