Imperva today released its annual State of Vulnerabilities report for 2020. Within the report, Imperva Research Labs present threat intelligence concerning vulnerabilities for web applications and databases across 2020.
Imperva serves as an edge, application security, and data security provider for enterprises. As such, it works to protect applications, data, and websites from external threat actors.
While external cyber-threats remain a key challenge to businesses, the overall trend of vulnerabilities appears to be declining. The overall number dropped in 2020 by 2.04 percent compared to the year previous (23,006 compared to 23,485 respectively).
The most common web-related vulnerability in 2020 is Cross-Site Scripting (XSS), comprising 28 percent of all vulnerabilities. Meanwhile, the second most common vulnerability are injection flaws with SQL injections being the most popular. However, while the overall trend is down, the number of new API vulnerabilities is rising, with 338 in 2020. Finally, WordPress registered the highest number of vulnerabilities among content management systems in 2020.
The conclusion of the report provides some insights as to what enterprises can do to close these vulnerabilities.“One of the best solutions for protecting against web application database vulnerabilities is to deploy a Web Application Firewall (WAF) and Data Monitoring & Protection. The solution may be either on-premise, in the cloud, or a combination of both depending on your needs, infrastructure, and more. As organizations move more of their apps and data to the cloud, it’s important to think through your security requirements.”
Learn more about Imperva as a provider here. Click on the icon below to learn more about SIEM, another avenue for discovering and closing vulnerabilities and monitoring potential threats across IT environments.
Latest posts by Ben Canner (see all)
- The Highest Rated Threat Hunting Books Available on Amazon - June 11, 2021
- EA Breach: What We Know About Latest Major Cyber-Attack - June 10, 2021
- It Only Takes One Cybersecurity Mistake to Let Hackers In - June 9, 2021