Guardians of the Enterprise — Insights from leading cyber experts.

Listen Now →

State of Application Security 2025 Report

Overview :

The year 2024 witnessed an unprecedented surge in cyberattacks, with over 7.7 billion attacks blocked across websites and APIs. APIs, in particular, emerged as a prime target, facing significantly more attacks than traditional websites. DDoS and bot attacks saw a sharp rise, with attackers leveraging automated tools to exploit vulnerabilities.

Uncover key trends in web application and API security, DDoS, and bot attacks, along with data-driven insights to help you strengthen your defenses against evolving threats.

Key findings from the study:

  • 7.7 billion cyberattacks were blocked in 2024, with an average of 5.5 million attacks per website
  • APIs faced 43% more attacks per host than websites and 166% higher DDoS attacks.
  • DDoS attacks surged to 2.46 billion, with each site experiencing an average of 3.4 million attacks.
  • Bot attacks rose by 48% from Q1 to Q4 2024, reaching 765+ million in total.
  • 33% of critical and high vulnerabilities remained unpatched for over 180 days, highlighting patching challenges.
  • API vulnerability attacks skyrocketed by 873%, largely driven by the rise of LLM tools like ChatGPT, making exploitation easier for novice hackers.


APPTRANA WAAP

Web apps, APIs, and AI systems. Protected from day one. Autonomously.

OWASP Top 10 protection from day one. Zero false positives, guaranteed. Vulnerabilities discovered and patched at the edge. Experts verify enforcement before policies go live. 24x7 managed services included.

Start Free Trial Explore AppTrana
✓ Gartner Customers' Choice 4 years running 100% customer recommendation rate

No credit card required