Second Web App Security Report by Acunetix shows 55% of websites have severe vulnerabilities (& rising)

Vulnerabilities grow by 9% in past 12 months as companies demand faster application release cycles

London, UK – August 2016 – Acunetix, the pioneer in automated web application security software, announces its annual Web App Security Report 2016. Statistics reveal that high-severity vulnerabilities are on the rise and are now present in the majority of websites globally.

The report looked at 45,000 website and network scans done on 5,700 scan targets from April 2015 to March 2016. Results show that not only do 55% of websites have one or more high-severity vulnerabilities, but this has significantly deteriorated in just one year, growing by 9% over 2015’s report. In addition, 84% of web applications were found to have medium-severity vulnerabilities, while 16% of perimeter network assets were also susceptible to at least one medium severity vulnerability. While this research found a minor, but encouraging reduction in security vulnerabilities such as SQL injection and Cross-site Scripting, these web application vulnerabilities are just two of the top three. The second most prominent vulnerability is Vulnerable JavaScript Libraries (which open up a web app to XSS attacks) – this has shown a significant increase, more than doubling since last year.

On the other hand, Secure Shell (SSH) related vulnerabilities were found to be the most prominent perimeter network vulnerabilities.

Organisations are under intense pressure to deliver web apps and web services to meet the demands of modern digital customers. However, app security is not keeping pace with the development cycle, which broadens a brand’s threat surface. Therefore, today there are significantly more flaws for potential cyber attackers to exploit than 12 months ago.

Organisations need to be clear on what this means – a high-severity vulnerability could allow attackers to gain unauthorised access to data and systems, potentially to sensitive financial, customer, health data and trade secrets. They could also move to other systems to escalate the attack even further.

Chris Martin, General Manager at Acunetix, says: “Our research clearly shows high-severity web app flaws are on the rise and older vulnerabilities are still hanging around. Having a plan in place to prioritise these problems – and actually start tackling them – is critical. Using an automated vulnerability scanner such as Acunetix is the first step to protect your brand’s online real estate.”

Download the 2016 Web Application Security Report or Register for a free trial of Acunetix Online Vulnerability Scanner

About Acunetix Vulnerability Scanner (Online edition)

User-friendly and competitively priced, Acunetix Online Vulnerability Scanner fully interprets and scans websites, including those developed using the latest types of web application development architectures such as JavaScript. Acunetix detects over 3000 types of web application vulnerabilities and is the industry leader in detecting the largest variety of SQL Injection and XSS vulnerabilities, including Out-of-band SQL Injection and DOM-based XSS. Acunetix beats competing products in many areas; including speed, limiting false positives and the ability to access restricted areas with ease. Acunetix also has the most advanced detection of WordPress vulnerabilities and a wide range of management and regulatory reports including ISO 27001 and PCI compliance.

About Acunetix

Acunetix is the market leader in automated web application security testing, and is the tool of choice for many Fortune 500 customers. Acunetix Vulnerability Scanner detects and reports on a wide array of web application vulnerabilities. Acunetix Vulnerability Scanner’s industry leading crawler fully supports HTML5 and JavaScript and AJAX-heavy websites, allowing auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution.