WhiteHat Security has released its eleventh annual Web Applications Security Statistics Report, which was compiled using data collected from tens of thousands of websites to analyze vulnerabilities, remediation rates and risk levels. The report reveals that, in every industry, the majority of web applications exhibit on average two or more serious vulnerabilities per application at any given point in time.
The report's findings are based on aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for security testing. The research shows that, of the 12 industries analyzed in the report, the information technology (IT), education, and retail industries suffer the highest number of critical or high-risk vulnerabilities per web application, at 17, 15 and 13 respectively.
The findings also highlight that the IT and retail industries struggle to remediate in a timely manner. It takes approximately 250 days for IT and 205 days for retail businesses to fix the software flaws. Additionally, highly regulated industries, such as financial services and healthcare, are not performing significantly better than the rest.
Other findings from the report:
- Since 2013, the average time to fix vulnerabilities has trended upward: in 2013, the average time-to-fix was approximately 100 days, and in 2015 it jumped to approximately 150 days.
- Critical and high-risk vulnerabilities have an average age of 300 and 500 days, respectively.
- For the 12 industries analyzed in the report, nine have vulnerability remediation rates below 50 percent.
- Insufficient Transport Layer Protection, Information Leakage and Cross-Site Scripting are widely known application vulnerabilities, yet they are the three most common vulnerabilities found within web applications across all industries.
Read more: https://info.whitehatsec.com/Website-Stats-Report-...
WhiteHat will host a webinar on June 29 at 10am PDT to review and discuss the findings. The full report is available at the link below.