IT Security

Web app report

by Mark Rowe

High-severity vulnerabilities are on the rise and are now present in most websites globally, according to an automated web application security software company’s annual Web Application Vulnerability Report 2016.

The report looked at 45,000 website and network scans done on 5,700 scan targets from April 2015 to March 2016. According to Acunetix, not only do 55 per cent of websites have one or more high-severity vulnerabilities, but this has significantly deteriorated in just one year, growing by 9pc over 2015’s report. Most web applications, 84pc, were found to have medium-severity vulnerabilities, while 16pc of perimeter network assets were also susceptible to at least one medium-severity vulnerability, according to the firm. While this research found a minor but encouraging reduction in security vulnerabilities such as SQL injection and Cross-site Scripting, these web application vulnerabilities are just two of the top three. The second most prominent vulnerability is Vulnerable JavaScript Libraries (which open up a web app to XSS attacks) – this has shown a significant increase, more than doubling since last year.

On the other hand, Secure Shell (SSH) related vulnerabilities were found to be the most prominent perimeter network vulnerabilities.

The web app firm says businesses are under pressure to deliver web apps and web services to meet the demands of digital customers. However, app security is not keeping pace with the development cycle, which broadens a brand’s threat surface, it’s claimed, leaving significantly more flaws for potential cyber attackers to exploit. Chris Martin, General Manager at Acunetix, says: “Our research clearly shows high-severity web app flaws are on the rise and older vulnerabilities are still hanging around. Having a plan in place to prioritise these problems – and actually start tackling them – is critical. Using an automated vulnerability scanner such as Acunetix is the first step to protect your brand’s online real estate.”

Download the 2016 Web Application Security Report from: http://www.acunetix.com/acunetix-web-application-vulnerability-report-2016/.


© 2024 Professional Security Magazine. All rights reserved.
