New research from Positive Technologies has discovered that almost half (48%) of web applications are vulnerable to unauthorized access, with 44% placing users’ personal data at risk of theft.
What’s more, 70% of the apps Positive Technologies tested proved susceptible to leaks of critical information, whilst attacks on users are possible in 96% of them.
In fact, every app the firm assessed contained vulnerabilities of some sort, with 17% having vulnerabilities that would allow an attacker to take full control over the app.
The majority of detected vulnerabilities (65%) were a result of errors in application development – such as coding errors – with incorrect configuration of web servers accounting for a third of them.
However, the research did discover the percentage of web apps with critical vulnerabilities (52%) had declined for the second year in a row, down from 58% the previous year.
“Web application security is still poor and, despite increasing awareness of the risks, is still not being prioritized enough in the development process,” said Positive Technologies analyst Leigh-Anne Galloway. “Most of these issues could have been prevented entirely by implementing secure development practices, including code audits from the start and throughout.”
Speaking to Infosecurity Eoin Keary, founder and CEO, edgescan, agreed that steps need to be taken to improve application layer security.
“DevSecOps needs to be embraced such that security is throughout the development pipeline,” he said. “Application component security management (software components used by developers) is still not common place in terms of supporting frameworks and software components and is a common source of vulnerability.”
Source: Infosecurity
Nearly Half of All Web Apps Vulnerable to Unauthorized Access
Subscribe to:
Post Comments (Atom)
Intel Tiger Lake CPUs to come with Anti-Malware Protection
Intel’s Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks. I...
-
French security researcher Bekanow discovered probably the biggest spambot in the whole spam history. Known as Onliner malware, the spambot ...
-
By Carl Herberger This is Part 2 of our series on the top 5 most dangerous DDoS attacks and how you can successfully mitigate them. ATTAC...
-
Security researchers just detected yet another major vulnerability in Apache Struts 2 [1] . The detected security flaw allows hackers to per...
No comments:
Post a Comment