CIO Influence
CIO Influence News IT and DevOps Security

Wallarm Q3 API ThreatStats Report Reveals DevOps Tools and Infrastructure Under Attack

Wallarm Q3 API ThreatStats Report Reveals DevOps Tools and Infrastructure Under Attack
Latest research illustrates API risks remain high with 57% of all Q3 API vulnerabilities rated high to critical.

Wallarm, the end-to-end API security company, released its Q3 API ThreatStats Report, which provides deep analysis into all published API vulnerabilities and exploits for the quarter. The Wallarm research team dissected the data from a variety of perspectives, including software type, vendor, CVSS scores, CWEs and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). The team also examined publicly disclosed exploit POCs to determine where the risk lies.

“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, are talking about API Security this year. However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly”

The initial analysis indicated that API vulnerabilities and the impacted vendors were leveling off from the significant increase reported in the Q2 API Vulnerability Report, with minimal to no change. Vulnerabilities and vendors impacted experienced a 16% increase, while high to critical rated vulnerabilities remained steady at 57% total.

Latest ITechnology News: Verizon Launches New Tech to Monitor Activity on Home WiFi

However, deeper analysis revealed three key findings, which may have costly implications on an organization’s API security program:

  1. Infrastructure. A vast majority of the most impactful vulnerabilities analyzed in Q3 impacted DevOps tools and infrastructure, resulting in a shift of an organization’s security focus.
  2. Injections. While the OWASP Top-10 Injection categories (A03:2021 for web apps and API8:2019 for APIs) top the charts at over 33% of all CVEs analyzed, further inspection reveals many, many variations, which will require extra effort to remediate.
  3. Exploits. A surprising finding was that the average gap between CVE and exploit POC publication was zero days, which greatly impacts a mitigation timeline.

Latest ITechnology News: Sesame Software to Showcase Instant Data Warehouse and Fully Automated Data Pipelines at Oracle CloudWorld

“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, are talking about API Security this year. However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly,” said Ivan Novikov, CEO & co-founder of Wallarm. “Wallarm has been committed to tracking and analyzing API vulnerabilities and exploits, and sharing this with the community via our API ThreatStats reports. This Q3-2022 report is the third in a row, and we clearly see a chilling trend in the number, severity and focus of API vulnerabilities and exploits. No joke: the top 10 API issues we’re seeing affect core DevOps and PaaS products, such as Kubernetes, Rancher, GitLab, HashiCorp, and several others.”

Latest ITechnology News: The Ocient Hyperscale Data Warehouse Is Now Generally Available in AWS Marketplace

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Vitech Releases Winter 2022 V3locity Solution Enhancements, Including Core, Data, and Digital Advances

CIO Influence News Desk

VTech Offers Non-Stop Action with Introduction of New Marble Rush Line

CIO Influence News Desk

New Internet Rebooter Delivers Homeowners and Small Businesses Reliable Link to the Web