SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
DevOps tools and infrastructure under attack - report
Fri, 11th Nov 2022
FYI, this story is more than a year old

DevOps tools and infrastructure is under attack, according to a new report. 

Wallarm, the end-to-end API security company, has released its Q3 API ThreatStats Report, which provides deep analysis into all published API vulnerabilities and exploits for the quarter. 

The Wallarm research team dissected the data from a variety of perspectives, including software type, vendor, CVSS scores, CWEs and both OWASP Top-10 (2021) for web apps and OWASP API Security Top-10 (2019). The team also examined publicly disclosed exploit POCs to determine where the risk lies.

The initial analysis indicated that API vulnerabilities and the impacted vendors were leveling off from the significant increase reported in the Q2 API Vulnerability Report, with minimal to no change. Vulnerabilities and vendors impacted experienced a 16% increase, while high to critical rated vulnerabilities remained steady at 57% total.

However, deeper analysis revealed three key findings, which may have costly implications on an organisation’s API security program:

Infrastructure. A vast majority of the most impactful vulnerabilities analysed in the third quater impacted DevOps tools and infrastructure, resulting in a shift of an organisation’s security focus.

Injections. While the OWASP Top-10 Injection categories (A03:2021 for web apps and API8:2019 for APIs) top the charts at over 33% of all CVEs analysed, further inspection reveals many, many variations, which will require extra effort to remediate.

Exploits. A surprising finding was that the average gap between CVE and exploit POC publication was zero days, which greatly impacts a mitigation timeline.

“Almost everyone involved in the API economy, from CISOs and their security teams to DevOps teams and beyond, are talking about API Security this year," says Ivan Novikov, Chief Executive Officer and Co-Founder of Wallarm. 

"However, only a few vendors can explain what it really means, and how to measure and calculate the risks and impact when things go badly,” he says.

“Wallarm has been committed to tracking and analysing API vulnerabilities and exploits, and sharing this with the community via our API ThreatStats reports," Novikov says. 

"This Q3-2022 report is the third in a row, and we clearly see a chilling trend in the number, severity and focus of API vulnerabilities and exploits," he adds. 

"No joke: the top 10 API issues we're seeing affect core DevOps and PaaS products, such as Kubernetes, Rancher, GitLab, HashiCorp, and several others.”

Wallarm end-to-end API security products provide robust protection for APIs, web applications, microservices, and serverless workloads running in cloud-native environments. Hundreds of Security and DevOps teams choose Wallarm to get unique visibility into malicious traffic, robust protection across their whole API portfolio, and automated incident response for better risk management.