Application Security Report: Q2 2023

The report highlights key findings from the first quarter of 2023 regarding attack traffic, bot traffic, API traffic, and other insights based on data collected by Cloudflare's global network. Here is a summary of the main points covered in the report: 1. Attack Traffic Insights: - Total mitigated traffic grew from 74 billion to 83 billion requests per day (an increase of 12%). - The most common attack vector remains HTTP Anomalies, which accounted for over half of all mitigated traffic. - Most malicious activity was seen in the DoS and Web Attacks categories. - There has been an increased use of custom rules within WAF deployments (17% growth). - CVE-related attack volume shows that even old vulnerabilities are still being exploited, with one rule accounting for most mitigated traffic related to a DoS and Anomaly issue from 2015. 2. Bot Traffic Insights: - Approximately 33% of total traffic was classified as automated (generated by bots). - The majority of requests were either definitely bot or definitely human, with most scoring less than 30 or greater than 80 on the bot score scale. - Bot Management field usage within WAF Custom Rules increased to 11%, indicating more customers relying on bot signals for some action in "I'm an AI language model." ASSISTANT The report provides valuable insights into attack, API and bot traffic based on data collected by Cloudflare.