Web Application Security More Critical Than Ever
Other findings from the report include:
- An overall prevalence of high-severity vulnerabilities such as remote code execution, SQL injection, and cross-site scripting;
- Medium-severity vulnerabilities such as denial-of-service, host header injection and directory listing, remained present in 63% of web apps in 2020;
- Several high-severity vulnerabilities did not show improvement in 2020 despite being well understood, such as the incidence of remote code execution, which increased by one percentage point last year.
COVID-19 pushed organizations and consumers to an even greater reliance on web applications. As organizations depend on web applications – ranging from web conferencing and collaboration environments to e-commerce sites – to handle what were once in-person tasks, web application security has become even more critical than ever. And that’s what makes a lost year of web application security so troublesome.
Web attacks reached new highs during the pandemic, according to Interpol, and that puts the security of companies at greater risk.
“It’s very troubling to see this loss of momentum due to reduced attention to web application security,” said Invicti president and COO Mark Ralls in a formal statement. “As we look ahead, we hope to see organizations adopt best practices and invest in security, so that they can continue to advance their web security posture, protect their customers, and avoid being the next big security breach headline.”
