Web application security is receiving less attention across businesses amid increased cyber-attacks, even though it is highly critical.
With organizations shifting their focus to support remote work as well as business continuity amid the slowly recovering marketplace, web application security has been suffering, according to a new study by Invicti Security.
The report, titled “Invicti AppSec Indicator Report”, reveals that between 2016 and 2019 the number of high-severity and medium-severity cybersecurity vulnerabilities decreased steadily every year. High-severity vulnerabilities fell at an average rate of nearly 22% year-over-year.
If the above trend had continued, the general incidence of high-severity security vulnerabilities would have declined from 26% to around 20%. However, this progress came to an unexpected halt in early 2020, when resources were re-allocated to address unprecedented business impacts. Ultimately, that re-allocation was necessary to enable a smooth transition to remote work globally.
Some of the major highlights from the study:
- The overall prevalence of high-severity vulnerabilities, including SQL injection, remote code execution, and cross-site scripting, has risen somewhat, from 26% to 27% of the targets scanned.
- Medium-severity security vulnerabilities such as denial-of-service, host header injection, and directory listing have remained present in approximately 63% of web apps in 2020 – holding flat from 2019.
- Several high-severity security vulnerabilities are well recognized. Nevertheless, they did not show any improvement in the past year. For instance, the incidence of remote code execution (both well-known and damaging) increased by one percentage point last year.
- The incidence of server-side request forgery (SSRF), the main vulnerability behind the recent Microsoft Exchange breach (in early 2021) and the Capital One breach (in 2019), has shown no progress over the past year.
Several changes to consumer and business responses are most likely to endure beyond the end of this situation. In fact, web application security is more significant than ever.
Cyber-attack surfaces will continue to expand, driven by everything from the increasing usage of innovative tools such as web collaboration environments, IM chat, and web conferencing to increased consumer acceptance of e-commerce.
The study indicates that the largest share of breaches in 2020 began with a web application. At the same time, the severity and number of cyber-attacks have reached new highs amid the pandemic-induced digital era.
Undoubtedly, this has diverted the time and resources of security firms away from web application security. Moreover, it is quite troubling to see the current loss of momentum in web application security as attention is concentrated elsewhere.
As Mark Ralls, President and COO at Invicti, explained: “As we look ahead, we hope to see organizations adopt best practices and invest in security so that they can continue to advance their web security posture, protect their customers, and avoid being the next big security breach headline.”