Report: 50% of all web applications were vulnerable to attacks by 2021
Global organizations continue to struggle with the emerging wave of application-specific and web application attacks. According to a new report from NTT Application Security
The report is the result of a thorough analysis of the data generated from more than 15 million application security scans conducted by organizations in 2021, a year likely to be remembered as one of the most important for the broader cybersecurity landscape, and aims to provide actionable tips for security and development teams responsible for securing the web applications that run their businesses.
The events of the past year, highlighted by the Colonial Pipeline attack, President Biden’s decision to “improve the country’s cybersecurity,” and the ongoing fallout from Log4j, brought application security to the forefront of all conversations. Despite the heightened pressure to fix critical vulnerabilities in applications in both the public and private sectors, there is evidence that this has inadvertently led to an overall negative outcome, as “fire drill” remediation initiatives appear to act as a trade-off with, rather than an addition to, existing remediation efforts. These events, coupled with the explosive growth of web applications accelerated by the COVID-19 pandemic, as well as the rapid adoption of modern practices that enable developers to quickly build and deliver valuable functionality, have brought the market to an inflection point in the way we approach application security testing.
The financial and insurance sector (43%) had the lowest percentage of sites permanently exposed in 2021, while the professional, scientific and technical services sector (65%) had the highest percentage of sites permanently exposed.
The average Time-to-Fix of a critical vulnerability in 2021 ended 1.7 days shorter than it started (193.1 days vs. 194.8 days). While the data point shows a positive trend, the decrease is insignificant when looking at the reported increase in Time-to-Fix for all other risk categories during the year. The education sector (523.5 days) had the longest recovery time for a critical vulnerability across all sectors, almost 335 days more than the government administration (188.6 days), which maintained the shortest time frame throughout the year.
NTT Application Security found that the vulnerability classes most likely to be detected remained relatively static throughout the year, while also indicating that known vulnerability classes plagued applications. Given that the efforts and skills required to discover and exploit these vulnerabilities are quite low, it is clear that in 2021 attackers could take advantage of a target-rich environment.
Read the full report by NTT Application Security.