Blog Security An Attack Surface Workout for Web Application and API Attacks Blog Tom Emmons is a data enthusiast who leads a team focused on machine learning and automation at Akamai. His areas of security expertise are in DDoS and application security. Executive Summary \r\n \r\n Akamai researchers have analyzed web application and API attacks over the past year and have seen a threefold uptick in Q1 2022 vs Q1 2021. \r\n \r\n Local file inclusion (LFI) attacks have seen a massive increase, now outperforming structured query language injection (SQLI) as the most prevalent web attack vector . \r\n \r\n The majority of the attacks being executed are targeted at our U.S. customers. \r\n \r\n Commerce was the highest targeted vertical, with high technology seeing the most growth in 2022 to date. \r\n \r\n There are three major patterns we’ve gleaned from this data: long-running attack campaigns , short-burst attack campaigns , and one-time attack campaigns .…