Nearly all of the vulnerabilities detected in web apps were of a critical nature, with financial services sites the most at risk, according to a Positive Technologies report.
- A report from Positive Technologies found that 100% of the web apps it tested contained at least one security vulnerability, with 85% being risks to users.
- Web apps need to be constantly monitored for vulnerabilities, with source code analysis being the best way to find flaws, Positive Technologies said. The key at that point is to release patches swiftly.
Security firm Positive Technologies has released a summary of its web application vulnerability testing in 2017, and the results should serve as a wake-up call to anyone using, or responsible for, a web app. Of the web apps included in the study, not a single one was without security vulnerabilities, of which 85% allowed attackers to target web app users through attacks like cross-site scripting.
The sample size in the Positive Technologies study is small (only 33 web apps were included), and the study also admits that the tested applications are not standard apps and contain large amounts of custom code.
Regardless of the scope of the study, its findings should put web app developers on guard, especially those building custom apps or publishing non-standard web apps—there's no reason to assume they're safe.
Who is most at risk and what are they facing?
Of the web apps considered in the report, nearly half belonged to financial services organizations, which were also the greatest risk category: 100% of financial services apps contained high-risk vulnerabilities.