Attackers can find new APIs in just 29 seconds, research shows

Research from Wallarm reveals that attackers can discover newly deployed APIs in just 29 seconds. This finding comes from the company's first API honeypot, which monitored activity for 20 days in November 2024. The report highlights that many new APIs are unmanaged and less secure. The most common attack methods include exploiting vulnerabilities and conducting authentication checks, with the "/status" endpoint being the most frequently targeted. APIs are now more appealing to attackers than web applications, making up over 54% of total requests. Wallarm warns that attackers can launch high-volume attacks at low costs, emphasizing the need for improved security measures.