Research finds vulnerabilities in 97 percent of applications

No Comments

Data from 3,900 tests conducted on 2,600 software or systems targets reveals that 97 percent had some form of vulnerability, 30 percent of the targets had high-risk vulnerabilities, and six percent had critical-risk vulnerabilities.

In the research from Synopsys 83 percent of the tested targets were web applications or systems, 12 percent mobile applications, and the remainder either source code or network systems/applications. Industries represented in the tests include software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.

"Cloud-based deployments, modern technology frameworks, and the rapid pace of delivery is forcing security groups to react more quickly as software is released," says Girish Janardhanudu, vice president, security consulting at Synopsys Software Integrity Group. "With insufficient AppSec resources in the market, organizations are leveraging application testing services such as those Synopsys provides in order to flexibly scale their security testing. We've seen a heavy increase in assessment demand throughout the pandemic."

OWASP top 10 vulnerabilities were discovered in 76 percent of the targets, while application and server misconfigurations were 21 percent of the overall vulnerabilities found.

On mobile applications 80 percent of the discovered vulnerabilities relate to insecure data storage which could allow an attacker to gain access to a mobile device either physically or through malware. 53 percent of the mobile tests uncovered vulnerabilities associated with insecure communications.

Although 64 percent of vulnerabilities discovered in the tests are considered minimal-, low-, or medium-risk, even these can be exploited to facilitate attacks so uncovering them is not a wasted exercise.

Vulnerable third-party libraries were found in 18 percent of the penetration tests conducted, highlighting the need for a software bill of materials to track the use of components.

The full report is available from the Synopsys site.

Image credit: billiondigital/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

How threat intelligence can improve vulnerability management outcomes

Ubuntu Linux-based Voyager 24.04 LTS unites GNOME and Xfce

Kioxia unveils TransMemory U304 USB flash drive

Microsoft and Estée Lauder transform the beauty industry with AI

Microsoft and IBM open source MS-DOS 4.00

Software file converters: How they work and why you need them

Human risk management automation can help beat burnout

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.