Today's sharing is the [Application and Apisoti Report] report by Akamai
Featured Reports** Public Title: A global repository of industry reports
As attackers continue to refine their attack methods, web application and API defenses must also strengthen their detection capabilities to mitigate the risks posed by attackers' "evolving" attack vectors. In 2022, Akamai released a new Akamai App &ApiProtector product that strengthens its attack detection capabilities. The surge in the number of attacks also led us to identify more attack traffic, which increased by about 250%. But this isn't the first time Akamai has seen such a sharp increase in web application and API attacks. Web application and API attacks have been on the rise long before major vulnerabilities such as Log4Shell and Spring4Shell emerged and caused massive data breaches to various industries around the world, such as technology companies. In addition, these vulnerabilities exacerbate the risks faced by enterprises, further emphasizing the importance of ensuring application security.
The most obvious attack vector for the growth of web application and API attacks is LFI, which attackers primarily use to scout or scan for vulnerable targets. In some cases, an LFI exploit may expose information about any application, resulting in a directory traversal attack that allows an attacker to gain access to log file data and penetrate deeper parts of the network.
When a new attack vector emerges, you should take a closer look at it whenever it has the potential to impact your business. By understanding these new attack vectors, you can prepare your attack surface for the future.
An LFI attack occurs when an attacker exploits a vulnerability in file access verification or processing. PHP-based LPI vulnerabilities are prevalent, with 80% of them using this programming language on the server side. It's no surprise to see a large number of attacks year after year. Reports of data breaches say that 300 million user accounts were breached in an LFI attack.
This article is for informational purposes only and does not represent any investment advice from us. To use the information, please refer to the original report. )
Featured Reports** Public Title: A global repository of industry reports