WhiteHat Security has released its eleventh annual Web Applications Security Statistics Report which was compiled using data collected from tens of thousands of websites to analyze vulnerabilities, remediation rates and risk levels. The report reveals that on average, the majority of web applications exhibit two or more serious vulnerabilities per application for every industry at any given point in time.
The report’s findings are based on the aggregated vulnerability scanning and remediation data from web applications that use the WhiteHat Sentinel service for security testing. The research shows of the 12 industries analyzed in the report, the information technology (IT), education, and retail industries suffer the highest number of critical or high-risk vulnerabilities per web application, at 17, 15 and 13 respectively.
The findings also highlight that the IT and retail industries struggle to remediate in a timely manner. It takes approximately 250 days for IT and 205 days for retail businesses to fix the software flaws. Additionally, highly regulated industries, such as financial services and healthcare, are not performing significantly better than the rest.
Other findings from the report:
- Since 2013, the average time to fix vulnerabilities has trended upward; in 2013, the average time-to-fix was approximately 100 days. The average time-to-fix in 2015 jumped to approximately 150 days,
- Critical and high-risk vulnerabilities have an average age of 300 and 500 days, respectively.
- For the 12 industries analyzed in the report, nine have vulnerability remediation rates below 50 percent.
- Insufficient Transport Layer Protection, Information Leakage and Cross-Site Scripting are widely known application vulnerabilities, yet they are the three most common vulnerabilities found within web applications across all industries.
White Hat will host a
webinar on June 29 at 10am PDT to review and discuss the findings. The full report is available at the link below.