Wallarm highlights disturbing trends in API security threats

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


Wallarm has released its Q3 2023 API ThreatStats report which sheds light on the escalating threats targeting APIs and revealing vulnerabilities that have impacted industry giants such as Netflix, VMware, and SAP.

The report’s revamped ‘Top 10 API Security Threats’ compilation outlines 239 vulnerabilities discovered during the quarter, with injections taking the lead.

Injections involve inserting malicious data or code into APIs, leading to unauthorised access and data breaches. Notably, SQL and XML-based attacks were prevalent, underscoring the importance of robust security measures to prevent such breaches.

33 percent of the vulnerabilities (79 out of 239) were linked to authentication, authorisation, and access control (AAA). Well-established safeguards such as OAuth, single-sign-on (SSO), and JSON Web Token (JWT) were compromised in high-profile organisations like Sentry and WordPress.

Sentry, for its part, faced incorrect credential validation—potentially exposing developers’ projects to unauthorised access. WordPress suffered from plugin broken authentication, leaving millions of users’ data vulnerable to theft.

The report also spotlighted the concerning rise in API data leaks, ranking fourth on the list of security threats. Complex tech stacks have made these leaks more prevalent, with Netflix, VMware, and SAP falling victim.

Ivan Novikov, CEO of Wallarm, urged business leaders and cybersecurity professionals to acknowledge the gravity of these threats:

“Whether caused by malicious actors or internal carelessness, this report is a wake-up call for business leaders and cybersecurity professionals to include protection against threats to APIs and other leaks in their product security programs.

Established security frameworks, like OWASP API Security Top-10, are one way to get started but have limitations in addressing today’s complex API security needs. 

This real-time data-driven threat list complements and extends the OWASP framework by identifying unaddressed threats and vulnerabilities, enhancing overall security posture.”

Wallarm’s report serves as a wake-up call, urging businesses to bolster their API security protocols to safeguard sensitive data and maintain consumer trust.

A full copy of the report can be found here (registration required)

(Photo by FLY:D on Unsplash)

See also: State of Java: Resilience amid licensing changes and security concerns

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with Digital Transformation Week.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *