More testing needed to ensure security of web applications
A new report from CyCognito looks at the challenges faced by cybersecurity professionals in protecting web applications, which have become prime targets for cyberattacks.
Organizations maintain dozens, often hundreds, of custom web apps, developed in-house and by third-party partners. What's more, over 60 percent update web applications weekly or more often.
Over a third of respondents (35 percent) say they experience a significant security event involving a web app at least once a week, while more than a quarter (26 percent) experience a major incident that often.
Yet testing is being neglected: almost 75 percent test their web applications only monthly or less often, leaving more than 40 percent of the attack surface untested. 70 percent say the number of web applications in their environment is too large for adequate testing. Other barriers to adequate web application testing include the volume of APIs in production environments (cited as a large or very large blocker by 67 percent) and the time required to test and monitor changes (66 percent).
In addition, 53 percent of respondents say they face difficulties remediating vulnerabilities uncovered by web application testing. 65 percent are planning to increase automation within their web application security testing workflows. There is also interest in building out continuous testing capabilities.
"In the modern IT ecosystem, each SaaS instance, DevOps service, and hardware device has a web interface. Generative AI is also now creating many more of these interfaces, resulting in thousands of exposed web applications for large enterprises. Despite this fact, most security teams only test monthly at best," says Rob Gurzeev, CEO and co-founder of CyCognito. "And when they do test, coverage is severely limited, ranging from five percent to 13 percent, due to outdated testing methods. This result is that many applications are left vulnerable. Our research clearly underscores that automating testing processes are absolutely critical to ensuring robust protection against evolving cyber threats."
The full report is available from the CyCognito site.
Image credit: ra3studio/depositphotos.com