API Vulnerabilities Jump Up 3.7x in Q2-2022

Since the beginning of 2022, the Wallarm security research team has been analyzing API vulnerabilities and exploits, and releasing quarterly reports. The Q1 report got a lot of attention and positive feedback from the cybersecurity community, as well as a few valuable ideas and suggestions.

We included many of these in the Q2 API Vulnerabilities and Exploits report, which will be discussed in our upcoming webinar on August 8th.

Register now to reserve your seat!

While you’re waiting for the webinar and full report, we will shed light on some of the more interesting findings in this blog post.

We started this effort to validate Gartner’s prediction for API security: “by 2022, API abuses will move from an infrequent to the most frequent attack vector, resulting in data breaches for enterprise web applications.” [1]

Now that we're midway through the year, the question is whether the facts on the ground are proving this true. Is the threat real?

The Wallarm security research team continually reviews and analyzes new API vulnerabilities and exploits in real time to align our API security products with current API cyberthreats. As part of this exploit-monitoring work, we dissect the data for trends and insights from several perspectives: software type, vendor, CVSS score, CWE, and the mapping to both the OWASP Top-10 (2021) for web applications and the OWASP API Security Top-10 (2019). We also drill into publicly disclosed exploits and PoCs to extract payloads and to verify whether a threat has moved from theoretical to actual risk.

Key Findings

Some of the highlights which will be in the final Q2 API Vulnerability report include:

  • Injections (OWASP A03 / API8) are now the highest risk for APIs, ahead of BOLA by all metrics (number of discovered issues, exploitability and severity).
  • API threats grew 3.7x QoQ and have already crossed the threshold of 2 new exploits a day, and the number of Critical and High risk API vulnerabilities has increased dramatically – all of which suggests that extra vigilance is needed.
  • 33% of the reported API vulnerabilities are exploited almost immediately, with PoCs published within a median of 2½ weeks.
  • Top cybersecurity, enterprise and DevOps products were affected by API security issues, including the following top-5 most impactful:
    #  Vendor        CVE             CVSS Score
    1  F5 Networks   CVE-2022-1388   9.8
    2  WSO2          CVE-2022-29464  9.8
    3  VMware        CVE-2022-22980  9.8
    4  Gitlab        CVE-2022-1783   2.7
    5  Argo Project  CVE-2022-29165  10

Infographic

For more highlights from the final report, take a look at our Q2-2022 API Vulnerability & Exploit infographic. We think you'll find it enlightening, and believe it will help you improve your API vulnerability management and security posture.

Deep-Dive Webinar

To learn more, we invite you to attend our upcoming webinar on Thursday, August 8th. In this live, interactive event, Ivan Novikov, CEO & co-founder of Wallarm and noted security researcher, will take a deep dive into the latest API vulnerability and exploit data and discuss the implications for your organizational risk and your cyberdefenses.

Register for the Live Event

Date: Monday, Aug 8, 2022

Time: 11:00am PT / 2:00pm ET

Title: Q2 API Vulnerability Report: Are APIs Really A Threat?

Speaker: Ivan Novikov, CEO & co-founder of Wallarm

Registration: https://lab.wallarm.com/2022-q2-vulnerability-report-webinar/

Our API Security experts will be on hand to answer all your questions – and all registered attendees will receive an advance copy of the final report after the event. We look forward to seeing you there!

In Closing

Expanding your vulnerability management program to cover APIs requires visibility across your entire API portfolio, assessing and triaging API vulnerabilities as they arise, and ensuring that mitigations are implemented. We believe this effort validates the initial prediction – yes, Gartner was right: API threats are growing, and even faster than expected. Using the Wallarm API security solution is the best way to discover your API attack surface and protect your API portfolio from these increasing threats.

[1] Gartner, Magic Quadrant for Application Security Testing (ID G00733839)
