Friday, May 20 2022

Data from 23.6B security checks highlight the need for a comprehensive approach to application security, with 1/3 of government and education organizations still at risk from SQL injection in 2021

AUSTIN, TX, April 5, 2022 /PRNewswire/ -- Invicti Security today published its Spring 2022 AppSec Indicator, which reveals an increase in serious web vulnerabilities and the need for leaders to intertwine their application security and digital transformation efforts to reduce risk. The report examines web vulnerabilities from over 939 Invicti customers worldwide and is derived from the largest dataset to date, with over 23 billion security checks run on customer applications, revealing over 282,000 direct-impact vulnerabilities.

Data shows that many common and well-understood vulnerabilities continue to proliferate in web applications, and the continued presence of these vulnerabilities poses a serious risk to organizations in all industries. Among the discoveries:

  • Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection (SQLi) are all major offenders, each either increasing in frequency or hovering around the same alarming numbers year after year. These vulnerabilities can lead to consequences such as compromised back-end data, hijacked sessions, or forced actions on behalf of other users and services.
  • Remote code execution, always the ultimate goal of malicious attackers and now particularly prominent because of last year's Log4Shell vulnerability, has seen a steady increase since 2018, jumping 5% in frequency.
  • After a slight improvement in 2020, cross-site scripting (XSS) worsened again in 2021, with incidence up 6% year-on-year.
  • Two industry sectors experienced above-average rates of SQL injection: 35% of educational institutions and 32% of government organizations experienced at least one occurrence of SQLi, reflecting that legacy code still in production in these sectors needs to be modernized and that gaps in developer knowledge need to be addressed.

Direct-impact vulnerabilities are simply not decreasing in frequency, but there are fundamental elements in every AppSec program that can improve security. For many organizations without adequate security measures, the persistence of vulnerabilities can be attributed to failures in secure design, a lack of comprehensive analysis, and a shortage of cybersecurity talent. Although these stressors increase risk, organizations that take a proactive and comprehensive approach to application security, prioritizing secure design, embedding security into the application architecture itself, and analyzing their entire application footprint, will significantly reduce risk.

“Once again, we have found that even well-known vulnerabilities are still present in web applications,” said Invicti's President and COO, Mark Ralls. “It's time for organizations to master their security posture. The only way to do that is to ensure that security is in the DNA of an organization's culture, processes and tools so that innovation and security go hand in hand.”

You can read the full report here and register for the upcoming webinar with Mark Ralls on April 7 at 10:00 a.m., which will explore the findings of the report and discuss practical approaches to regaining control.

About Invicti Security
Invicti Security transforms the way web applications are secured. An AppSec leader for over 15 years, Invicti enables organizations across all industries to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and powerful automation and integrations allow customers to achieve broad coverage of thousands of applications. Invicti is headquartered in Austin, TX, and serves more than 3,500 organizations of all sizes worldwide. For more information visit our website or follow us on LinkedIn.

Anya Nelson
[email protected]

SOURCE Invicti Security
