Virtualization Technology News and Information
Latest AppSec Stats Flash Report from NTT Application Security Finds 50% of Sites Vulnerable in 2021

Global organizations continue to struggle against the rising tide of application-specific and web-application attacks. In fact, 50% of all sites tested by NTT Application Security were vulnerable to at least one serious exploitable vulnerability throughout 2021.

AppSec Stats Flash: 2021 in Review is the product of an exhaustive analysis of the data generated from more than 15 million application security scans performed by organizations throughout 2021, a year that will likely be remembered as one of the most significant for the wider cybersecurity landscape, and aims to provide actionable takeaways for security and development teams responsible for securing the web applications that run their business.

Highlighted by the Colonial Pipeline attack, President Biden's Executive Order for "improving the nation's cybersecurity," and the ongoing Log4j fallout, the events of the past year brought application security to the forefront of all conversations. Despite the elevated push to remediate critical vulnerabilities in both public and private sector applications, there's evidence that suggests this unintentionally led to an overall negative result, as 'fire-drill' remediation initiatives seem to occur as a tradeoff with, rather than an addition to, existing remediation efforts.

These events, combined with the explosive growth in web applications accelerated by the COVID-19 pandemic, as well as the rapid adoption of modern practices that enable developers to quickly build and deliver valuable functionality, have led the market to an inflection point in how we approach application security testing.

Key findings from the NTT Application Security report include:

  • Half (50 percent) of all sites tested were vulnerable to at least one serious exploitable vulnerability throughout the entire year, while 27 percent of sites tested were vulnerable for less than thirty days throughout the year.
  • The Education industry had the longest Time-To-Fix a critical vulnerability across all industries (523.5 days), nearly 335 days more than Public Administration (188.6 days), which maintained the shortest timeframe throughout the year.
  • The Finance and Insurance industry had the lowest percentage of sites perpetually exposed (43 percent), while Professional, Scientific and Technical Services had the highest percentage (65 percent).

NTT Application Security found that the vulnerability classes most likely to be detected remained relatively static throughout the year, while also indicating that well-known vulnerability classes plagued applications. Considering that the effort and skill required to discover and exploit these vulnerabilities is fairly low, it's clear that attackers benefited from a target-rich environment in 2021.

For more information about NTT's Application Security Division and its recently launched WhiteHat Vantage platform, visit whitehatsec.com.

Published Friday, February 18, 2022 8:53 AM by David Marshall