Application Security report: 2024 update

The Internet security landscape has significantly changed over the last twelve months due to geopolitical uncertainty and active voting seasons in many countries across the world. This has led to a substantial increase in malicious traffic activity across the Internet. Cloudflare's perspective on Internet application security reveals that mitigated traffic averages 7% globally, with WAF and Bot mitigations being the source of over half of that. DDoS attacks remain the number one attack vector used against web applications, while targeted CVE attacks are also worth keeping an eye on as exploits can occur as fast as 22 minutes after a proof of concept is released. API traffic now accounts for 60% of all traffic, and organizations have up to a quarter of their API endpoints not accounted for. Client-side security has become increasingly important due to the proliferation of third-party integrations in web applications, with enterprise sites integrating an average of 47 third-party endpoints according to Page Shield data.