
Report: Applications and critical data vulnerable to attack



According to a report by Synopsys, 97% of software and systems targets tested during 2020 were found to contain a vulnerability. Furthermore, 30% of the targets had high-risk vulnerabilities, which threat actors could exploit to access high-value resources, and 6% had critical-risk vulnerabilities, which could allow attackers to execute code and breach critical data on a web or mobile application or application servers.

Insecure data storage and communication vulnerabilities plague mobile applications. Eighty percent of the discovered vulnerabilities in the mobile tests were related to insecure data storage. These vulnerabilities could allow an attacker to gain access to a mobile device either physically (i.e., accessing a stolen device) or through malware. Fifty-three percent of the mobile tests uncovered vulnerabilities associated with insecure communications.

Moreover, application and server misconfigurations represented 21% of the overall vulnerabilities, and 19% of the vulnerabilities identified were related to broken access control. In addition, 28% of the total test targets had some exposure to cross-site scripting (XSS), one of the most prevalent and destructive vulnerabilities impacting web applications. Because many XSS vulnerabilities occur only when the application is running, the best approach to security testing is to leverage a broad spectrum of tooling solutions to ensure that an application or system is secure.

Synopsys Application Security Testing Services 2020 by the Numbers:

  • Number of test targets: 2,573
  • Number of tests: 3,937
  • Tests that uncovered vulnerabilities: 97%
  • Number of tests with high or critical severity vulnerabilities: 36%
  • Total number of vulnerabilities discovered: 28,501
  • Top vulnerability discovered: missing content-security-policy header at 52%
  • Top high-risk vulnerability discovered: stored cross-site scripting (XSS)
  • Top critical vulnerability discovered: SQL injection at 3%
  • Types of tests: web app pen testing at 67%, web app dynamic analysis at 16%, mobile app analysis at 12%, source code analysis at 2%, and network security pen testing at 2%


The industries represented in the tests included software and internet, financial services, business services, manufacturing, media and entertainment, and health care. Of the tested targets, 83% were web applications and systems, 12% were mobile apps, and the remainder were either source code or network systems or applications. Considering that these industries are heavily reliant on software, it’s crucial to prevent identified software vulnerabilities from severely impacting business.

The data was compiled from 3,937 tests performed by Synopsys security consultants during customer engagements. The tests include penetration testing, dynamic application security testing, and mobile application security analyses, all designed to confront running applications in the same fashion as a real-world attacker.

Read the full report by Synopsys.

VentureBeat
