Defence Online

Positive Technologies finds the majority of web application vulnerabilities are in the source code

Homeland February 18, 2020

New findings from Positive Technologies reveal that 82% of web application vulnerabilities can be found within the source code.

Positive Technologies’ new report details web application vulnerabilities as well as statistics on cyberattacks and malware. Positive Technologies has released its report Web Application Vulnerabilities and Threats: Statistics for 2019, which found that 9 times out of 10, hackers can attack site visitors.

Web applications of financial institutions had the best security in 2019, with no systems in this industry receiving a ‘poor’ or ‘extremely poor’ security rating. Web applications of state institutions are the least secure.

Head of Information Security Analytics at Positive Technologies, Evgeny Gnedin, said: “Password-only authentication is a contributing factor in most authentication attacks.”

“Lack of two factor authentication makes attacks very easy. Users tend to use weak passwords, which makes matters even worse. Bypassing access restrictions usually leads to unauthorized disclosure, modification, or destruction of data.”

Attacks against users include infection of computers with malware (percentage of this type of attacks on individuals went up to 62% in the third quarter of 2019, versus 50% in the second quarter), phishing attacks aimed at obtaining credentials or other important data and posing as a legitimate user via clickjacking to drive up likes and views. The high percentage of errors in the source code suggests that source code is not being checked for vulnerabilities during development, signalling that developers give short thrift to security, instead of focusing on app functionality.

According to experts, 90% of web applications are vulnerable to attacks on clients. Cross-Site Scripting (XSS) remains a significant vulnerability, as in previous years.

If you would like to join our community and read more articles like this then please click here.

cyber attacks cyber security Development digital hack malware statistics

Post written by: Ciara Houghton

LATEST STAKEHOLDER

Become a Stakeholder today and benefit from an exclusive marketing package which will allow you to:

Engage with active defence buyers and key supply chain partners

Create your own branded micro-site which within Defence Online which is managed by you

Have a dedicated Digital Account Manager to help enhance your Stakeholder page

Promote your news, products, press releases, eBooks and Videos as a Defence Online partner which feeds through to our homepage and social media channels

Have your company promoted on our partner website Defence Contracts Online (DCO)

All news promoted in mynewsdesk, a major hub for all of our news articles which enables news to be picked up from trade magazines, national newspapers and many other publications which offers extra exposure at no additional cost!

Contact us today or call us on 0845 557 1315 to take advantage of this exclusive marketing package

he Defence Experimentation and Wargaming Hub building. MOD Crown Copyright.

April 17, 2024

Homeland - Launch of the Defence Experimentation and Wargaming Hub

Strategic Command unveils the Defence Experimentation and Wargaming Hub at Southwick Park, Defence’s home for wargaming and decision support. Strategic Command’s