According to a report from Imperva, the number of new web application vulnerabilities disclosed in 2017 increased 212% over the previous year, jumping to 14,082 from 6,615. In addition, the report found more than half of all web applications have an exploit that is publicly available to hackers, and a large percentage of web application vulnerabilities have no patches, upgrades or workarounds.
Web application vulnerabilities represented the largest cause of data breaches in 2017. For example, the Equifax breach exposed personal data on more than 140 million individuals. According to Verizon’s 2017 Data Breach Investigations Report, attackers using botnets to conduct attacks on web applications accounted for more breaches (571) than any other type of attack. In addition, Veracode’s State of Software Security Report 2017 determined that about 88% of Java applications had at least one flaw in a component.
Main Causes For Vulnerabilities In Application Security
- More developers are using open source components to build applications.
- Simply using software composition analysis for checking and replacing known vulnerabilities in open source components is inadequate, because vulnerabilities often are discovered after the application is deployed.
- Many web applications are being produced these days, and more code equals more vulnerabilities.
- Security is lacking in the application design, continuous integration and continuous delivery processes. Obsolete and/or vulnerable open source application components are not patched, upgraded, tested or replaced and remain in use, leaving web applications vulnerable throughout their lifecycle.
Why Application Security Is So Important
It’s important to verify that all open source components used in web application development are maintained and tested frequently for vulnerabilities. You want to identify problems that you can remediate to prevent security breaches.
In 2017, cross-site scripting (XSS) errors were the most prevalent web application vulnerability in open source components, accounting for 1,863 new XSS vulnerabilities. XSS continues to be one of the most prevalent web application vulnerabilities, but they’re easy to test and find.
As a part of the process for building and testing web applications, you need to make sure that all open source components are maintained to include patching, upgrading and security testing. Any exploitation of a web application affects your customers, because people lose trust in your company. The consequences are even more severe if sensitive data is compromised.
Whether you have a small business or a large enterprise, safeguarding your company’s reputation is essential. That’s why testing open source components needs to be included in your web application security processes.
Ready to learn more about how you can prevent application security breaches? Find out the processes and details of a web application penetration test, which should be conducted annually or after any significant code change.