The report Automated Code Analysis: Web Application Vulnerabilities in 2017 revealed that 94% of web applications suffer from high-severity software vulnerabilities. Positive Technologies, a security firm, found vulnerabilities of different severity levels in every app it tested, and 85% of the apps have an exploitable vulnerability. It's safe to say cybercriminals have noticed this as well.
According to the report, Positive Technologies ran vulnerability assessments on 33 applications. Some of the applications were public, while others were for internal business functions only. Every single app was prone to code and/or configuration weaknesses. Other flaws, such as unpatched software updates, were not considered in the report.
Among all the identified vulnerabilities, cross-site scripting (XSS) bugs were the most prevalent, affecting 82 percent of applications. HTTP response splitting and arbitrary file follow at 58% and 52%, respectively.
Aside from enabling attacks against users, the vulnerabilities discovered in 70 percent of applications laid the foundation for denial-of-service (DoS) conditions. This medium-level threat was more common than four others of high severity, including arbitrary file reading (61 percent), operating system (OS) commanding (55 percent), unauthorized database access (45 percent), and deletion or modification of server files (42 percent).
Some industries' web applications were more vulnerable to weaknesses than others. For instance, Positive Technologies found critical vulnerabilities in 100 percent of financial institutions' web apps, while 83 percent of government apps and 75 percent of e-commerce software suffered from high-severity flaws.