By the Numbers: Web Application Security Vulnerabilities

With the advent of cloud security and enterprise digital transformations, web application security takes on new importance. Your employees interact with web applications every day as part of their business processes and workflows; a vulnerability in one could compromise your entire network.

However, you cannot institute web application security without understanding the web application security vulnerabilities which threaten it. To help you prepare, we’ve compiled some statistics on the most common web application security vulnerabilities.

Here’s what we found:

How Vulnerable Are Web Applications?

Before we can dive into the nature of web application security vulnerabilities, we need to recognize the severity of the issues enterprises face.

According to data security and application security solution provider Imperva:

  • Web application security vulnerabilities increased by 23% in 2018 compared to 2017.
  • They increased by 162% compared to 2016.
  • 54% of all web application security vulnerabilities have a public exploit available to hackers.
  • WordPress, the most popular content management system, saw a 30% increase in vulnerabilities in 2018.
  • 98% of WordPress vulnerabilities relate to plugins.

Meanwhile, according to Unified Application Security solution provider Positive Technologies:

  • 2018 saw three times the number of web application security vulnerabilities compared to 2017.
  • On average, each web application contained 33 vulnerabilities.
  • On average, 6 of those 33 vulnerabilities classify as high severity.
  • This is three times the average from the year prior.
  • 67% of applications contained critical vulnerabilities.

What are the Common Web Application Vulnerabilities?

Of course, the threats we outline here constitute the most common threats but by no means a definitive list. Instead, you should consult with your IT security team and with your threat intelligence feeds to obtain a more concrete list of probable threats.

According to Imperva:

  • 19% of all web application security vulnerabilities qualified as injections, making it the most common attack vector.
  • 14% of threats categorize as Cross-Site Scripting.
  • API vulnerabilities increased by 23% over 2017. Optimistically, API vulnerabilities show signs of slowing down compared to other attacks.

Whereas, according to Positive Technologies:   

  • Cross-site scripting errors are present in 77% of applications.
  • 74% had authentication issues.
  • 53% had access control flaws.

The exact statistics determined by different solution providers may at times appear to contradict each other. However, the exact percentages matter less than recognizing the overall patterns and responding appropriately.

In conclusion, when it comes to web application security, never allow yourself to prepare to fight the last battle. Meet threat actors as an equal combatant…and you’ll find many enemies heading for the hills!

 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.