State of Application Security 2025 Annual Report

Overview:

The year 2024 witnessed an unprecedented surge in cyberattacks, with over 7.7 billion attacks blocked across websites and APIs. APIs, in particular, emerged as a prime target, facing significantly more attacks than traditional websites. DDoS and bot attacks saw a sharp rise, with attackers leveraging automated tools to exploit vulnerabilities.

Uncover key trends in web application and API security, DDoS, and bot attacks, along with data-driven insights to help you strengthen your defenses against evolving threats.

Indusface

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning, fully managed platform that integrates a web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.


Key findings from the study:

  • 7.7 billion cyberattacks were blocked in 2024, with an average of 5.5 million attacks per website.
  • APIs faced 43% more attacks per host than websites and 166% more DDoS attacks.
  • DDoS attacks surged to 2.46 billion, with each site experiencing an average of 3.4 million attacks.
  • Bot attacks rose by 48% from Q1 to Q4 2024, reaching 765+ million in total.
  • 33% of critical and high vulnerabilities remained unpatched for over 180 days, highlighting patching challenges.
  • API vulnerability attacks skyrocketed by 873%, largely driven by the rise of LLM tools like ChatGPT, making exploitation easier for novice hackers.