State of Application Security – Global H1 2025


Overview:

Cyberattacks against websites and APIs surged in the first half of 2025, with attackers shifting from broad automation to highly targeted exploits. Powered by AI and LLMs, attackers are focusing more on vulnerabilities and APIs, leaving organizations with mounting risks.

The State of Application Security – Global H1 2025 report, analyzing 1,400+ applications across diverse industries worldwide, highlights the sharp rise in attacks and evolving tactics that are reshaping today’s cyber threat landscape.

Indusface

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform, which integrates a web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and a threat intelligence engine.


Key Takeaways:

  • 4.8 billion attacks witnessed across 1400 sites
  • 3.48 million attacks witnessed per application
  • API attacks grew 104% in H1 2025 vs H1 2024
  • APIs are highly targeted for DDoS
  • Website vulnerability attacks grew 27%, with custom rule mitigations up 47%
  • 64 million bot attacks as 90% of sites witnessed a bot attack
  • US per-app ROI: $5.1M–$14.32M (including $56K–$57K in operational savings)