Is your organization at risk of a cyberattack? The answer is yes: your organization can face a cyberattack at any time. Organizations today run a large number of applications, and according to research by Synopsys titled 2021 Software Vulnerability Snapshot, almost all of them (97%) have some form of vulnerability.
In this research, 3,900 tests were conducted on 2,600 target applications or systems. The research company ran the tests for its customers, both with and without access to the applications.
Here are the main highlights of the research:
- Vulnerabilities and security issues: 30% of the vulnerabilities found were high-risk vulnerabilities such as cross-site scripting (XSS), and 6% were critical-risk vulnerabilities, including remote code execution and SQL injection. The research revealed that the most critical-risk vulnerabilities are caused by SQL injection, in which attackers insert SQL commands through the application's input interface to manipulate back-end databases.
Furthermore, the report concludes that the easy availability of exploit tools helps hackers gain access to sensitive information.
- Breakdown of vulnerabilities: The vulnerabilities found in the research closely matched the OWASP Top 10 for 2021. These were discovered in 76% of targets. Of the overall vulnerabilities, 19% matched the OWASP A01:2021 Broken Access Control category. Server misconfiguration accounted for 21% of the total vulnerabilities found in the report, closely related to the OWASP A05:2021 Security Misconfiguration category.
- Data storage and communication vulnerabilities: During mobile testing, it was found that 80% of the total vulnerabilities were associated with insecure data storage, and more than 50% were related to vulnerable communications. These vulnerabilities allow hackers to gain unauthorized access to a mobile device through malware.
- Low-risk vulnerabilities: More than 60% of the total vulnerabilities were low to medium risk, meaning they were not directly exploitable by attackers. Yet they could still be used to facilitate attacks. For example, low-risk vulnerabilities such as detailed server banners, found in approximately 50% of tests, contained critical information and could provide hackers with details such as server type, server name or version, which can allow hackers to target the underlying technology stack.
The report also made some recommendations to help organizations minimize security risks and avoid cyberattacks. It advises companies to write security policies and implement them to protect against cyberattacks, because 77% of the vulnerabilities found were due to missing or inadequate corporate policies.
Another recommendation is a software bill of materials (SBOM) that details the third-party libraries used in software applications. If these libraries are compromised, the absence of such an inventory makes it difficult to gather information or monitor the affected system. According to the report, nearly one in five tests revealed software applications using compromised or vulnerable third-party libraries.
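To make the SQL injection finding above concrete, here is an added example (not code from the Synopsys report) showing the defect side by side with its fix. It uses Python's built-in sqlite3 module and an in-memory database constructed for the example; the table and user names are made up. The vulnerable function builds the statement by string concatenation, so input becomes SQL syntax; the safe function binds the value as a parameter, and a third function shows the allow-list approach needed where a parameter cannot be bound (an identifier such as a sort column).

```python
import sqlite3

# Constructed in-memory database standing in for the application's back end.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    # Defect: the statement is assembled by concatenation, so whatever the caller
    # supplies is parsed as SQL. A crafted value changes the WHERE clause itself.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    # Fix: a parameterised query. The driver sends the statement text and the value
    # separately, so the value can never be interpreted as SQL syntax.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Identifiers (table or column names) cannot be bound as parameters, so the only
# safe option is to validate them against a fixed allow-list before interpolation.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def is_allowed_sort_column(name):
    return name in ALLOWED_SORT_COLUMNS


def list_users_sorted(conn, sort_by):
    if not is_allowed_sort_column(sort_by):
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return conn.execute(f"SELECT username, role FROM users ORDER BY {sort_by}").fetchall()


if __name__ == "__main__":
    db = make_db()
    # The same crafted value returns every row through the vulnerable path and
    # nothing through the parameterised one.
    crafted = "' OR '1'='1"
    print("vulnerable:", lookup_user_vulnerable(db, crafted))
    print("safe:      ", lookup_user_safe(db, crafted))
```

The point of the third function is that escaping or quoting is not a general fix: parameters handle values, and anything that is part of the statement's structure has to be constrained to a known set instead.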
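The following is an added example, not from the report or any SBOM tool, of why an inventory of third-party components helps: once the libraries in use are recorded with their versions, answering "are we exposed to this advisory?" becomes a lookup rather than an investigation. It parses a constructed requirements-style dependency list into a minimal SBOM-like structure and matches it against a constructed advisory feed. All component names, versions and advisory identifiers are hypothetical placeholders, and version comparison assumes plain dotted integers.

```python
import json

# Constructed dependency list in the common "name==version" form, with a comment
# and a blank line to show the parser skipping them. All names are hypothetical.
REQUIREMENTS_TEXT = """\
# application dependencies (constructed example)
examplelib-json==1.4.2

examplelib-auth==0.9.1
examplelib-net==2.0.0
"""

# Constructed advisory feed: component name -> advisories with an upper bound on
# affected versions. The identifiers are placeholders, not real advisory ids.
ADVISORIES = {
    "examplelib-auth": [{"id": "ADV-PLACEHOLDER-001", "fixed_in": "1.0.0"}],
    "examplelib-net": [{"id": "ADV-PLACEHOLDER-002", "fixed_in": "1.5.0"}],
}


def parse_version(text):
    # Assumption: versions are dotted integers ("1.4.2"); tuples compare lexicographically.
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text):
    # Turns "name==version" lines into component records, ignoring comments and blanks.
    components = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned dependency, cannot inventory it: {line!r}")
        components.append({"name": name.strip(), "version": version.strip()})
    return components


def build_sbom(app_name, components):
    # Minimal inventory: application name plus a sorted, de-duplicated component list.
    unique = {(c["name"], c["version"]): c for c in components}
    return {
        "application": app_name,
        "components": [unique[k] for k in sorted(unique)],
    }


def find_affected(sbom, advisories):
    # Reports every component whose version is below the advisory's fixed version.
    hits = []
    for comp in sbom["components"]:
        for adv in advisories.get(comp["name"], []):
            if parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
                hits.append({"component": comp["name"],
                             "version": comp["version"],
                             "advisory": adv["id"]})
    return hits


if __name__ == "__main__":
    sbom = build_sbom("example-app", parse_requirements(REQUIREMENTS_TEXT))
    print(json.dumps(sbom, indent=2))
    print("affected:", find_affected(sbom, ADVISORIES))
```

In practice the inventory would be produced in a standard format such as CycloneDX or SPDX and the advisory feed would come from a vulnerability database, but the matching step is the same: without the pinned version of every component, the question cannot be answered at all.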
Cybersecurity risks are increasingly complex, but understanding them and taking the right steps is the best way to protect your networks and systems.