Application Security

increasing vulnerabilities; Public sector particularly at risk

Written by ga_dahmani

Data from 23.6 billion security checks underscore the need for a comprehensive approach to application security, with one-third of government and education organizations still at risk of SQL injection in 2021

AUSTIN, Texas, April 5, 2022 /PRNewswire/ — Invicti Security today released its Spring 2022 AppSec Indicator, revealing a rise in serious web vulnerabilities and the need for executive leaders to intertwine their application security and digital transformation efforts to reduce risk. The report examines the web vulnerabilities of more than 939 Invicti customers worldwide and was derived from the largest data set to date: more than 23 billion security checks executed on customer applications, which discovered more than 282,000 direct-impact vulnerabilities.

Data shows that many common and well-understood vulnerabilities continue to proliferate in web applications, and the continued presence of these vulnerabilities presents a serious risk to organizations across industries. Among the findings:

  • Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection (SQLi) are the top offenders, each either increasing in frequency or hovering around the same alarming numbers year after year. These vulnerabilities can have consequences such as compromised back-end data, hijacked sessions, or forced actions on behalf of other users and services.
  • Remote code execution, always the ultimate goal of malicious attackers and now especially prominent because of last year's Log4Shell vulnerability, has seen a steady increase since 2018, jumping 5% in frequency.
  • After a slight improvement in 2020, cross-site scripting (XSS) regressed in 2021, with incidence rising 6% year over year.
  • Two industry sectors saw above-average SQL injection: 35% of educational institutions and 32% of government organizations experienced at least one occurrence of SQLi, reflecting that legacy code still in production in these industries needs modernization and that knowledge gaps among developers need to be addressed.
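The SQLi finding above comes down to one legacy coding pattern: building the SQL text out of user input instead of binding it as a parameter. The following is an added example, not code from Invicti or from the report, that shows the vulnerable pattern beside its parameterized fix against a constructed in-memory SQLite database, plus a small heuristic that flags the legacy pattern in source lines. The table, credentials, payload and sample source lines are all constructed for the demonstration.

```python
import re
import sqlite3

# Constructed stand-in for a legacy login backend (not a real schema from the report).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Legacy pattern: user-controlled strings concatenated straight into the SQL text,
    # so quote characters and comment markers in the input become part of the query.
    sql = (
        "SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username, password):
    # Hardened pattern: placeholders; the driver sends values separately from the
    # query text, so the input can never change the statement's structure.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    """Run the same bypass payload through both implementations."""
    conn = make_db()
    # In the vulnerable query this closes the username literal and comments out
    # the password check: ... WHERE username = 'alice' --' AND password = 'wrong'
    payload = "alice' --"
    results = {
        "vulnerable_bypass": login_vulnerable(conn, payload, "wrong"),
        "parameterized_bypass": login_parameterized(conn, payload, "wrong"),
        "parameterized_valid": login_parameterized(conn, "alice", "correct horse"),
    }
    conn.close()
    return results


# Constructed source lines standing in for a legacy code base under review.
SAMPLE_SOURCE = [
    "cur.execute(\"SELECT * FROM users WHERE name = '%s'\" % name)",
    'cur.execute("SELECT * FROM users WHERE name = ?", (name,))',
    'cur.execute(f"DELETE FROM sessions WHERE id = {sid}")',
    'log.info("user %s logged in" % name)',
]


def flag_string_built_sql(lines):
    """Heuristic triage for legacy code: return 1-based line numbers that both
    contain a SQL verb and build the statement text with %-formatting,
    string concatenation or an f-string. Intended as a first pass, not a
    replacement for a real scanner."""
    has_sql = re.compile(r"(?i)\b(select|insert|update|delete)\b")
    builds_text = re.compile(r"""%\s*\(|%\s*[A-Za-z_]|["']\s*\+|\bf["']""")
    return [
        i for i, line in enumerate(lines, 1)
        if has_sql.search(line) and builds_text.search(line)
    ]


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
    print("string-built SQL on lines:", flag_string_built_sql(SAMPLE_SOURCE))
```

The payload logs in as the admin user through the concatenated query and returns nothing through the parameterized one; the triage helper flags lines 1 and 3 of the constructed sample and leaves the placeholder query and the unrelated log line alone.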

Direct-impact vulnerabilities are not declining in frequency, but there are building blocks for every AppSec program that can improve your security posture. For many organizations that do not have adequate security measures in place, the persistence of vulnerabilities can be attributed to flaws in secure design, a lack of comprehensive analysis, and the prevailing talent gap in cybersecurity. While these stressors increase risk, organizations that take a proactive and comprehensive approach to application security, prioritizing secure design, integrating security into the application architecture itself, and scanning the entire application footprint, will reduce that risk significantly.

“Once again, we have seen that even known vulnerabilities are still prevalent in web applications,” said Invicti President and COO Mark Ralls. “It’s time for organizations to take control of their security posture. The only way to do that is to ensure that security is in the DNA of an organization’s culture, processes and tools so that innovation and security go hand in hand.”

You can read the full report here and register for the next webinar with Mark Ralls on April 7 at 10 a.m. Central Time, which will explore the report’s findings and discuss real-world approaches to taking back control.

About Invicti Security
Invicti Security is transforming the way web applications are secured. An AppSec leader for over 15 years, Invicti enables organizations across all industries to continuously scan and protect all of their web applications and APIs at the speed of innovation. Invicti provides a complete view of an organization’s entire web application portfolio, and powerful automation and integrations allow customers to achieve broad coverage of even thousands of applications. Invicti is headquartered in Austin, Texas, serving more than 3,500 organizations of all sizes around the world. For more information, visit our website or follow us on LinkedIn.

Anya Nelson

SOURCE Invicti Security
