Every year, Acunetix brings you an analysis of the most common web security vulnerabilities and network perimeter vulnerabilities. Our annual Web Application Vulnerability Report is based on real data taken from Acunetix Online. We randomly select websites and web applications protected using our software, anonymize them, and perform statistical analysis. Here are the findings for this year.
The State of Web Application Security
The 2020 report is optimistic but the state of web security is still far from perfect. Most high and medium severity vulnerabilities are less common in 2020 than in 2019. However, there are high severity vulnerabilities that may lead to the loss of sensitive information and that have become much more common this year.
What worries us most is that new websites and web applications (those that were not scanned before 2019) have more web vulnerabilities. This means that security is still a major problem in software development. Developers don’t know how to write secure code, they make common mistakes, they trust user input including form fields too much, and their work environments don’t help them maintain application code security.
Vulnerabilities at a Glance
The report also contains data on other software security issues including buffer overflow, host header injection flaws, denial-of-service and DDoS vulnerabilities, issues related to access control and broken authentication such as weak passwords, web server misconfigurations, and more.
Interestingly enough, when analyzing the data in our report we also noticed that PHP security keeps improving. However, this may be caused by the relative stability of the WordPress core, which is written using PHP.
Beware of the Consequences
In conclusion, the 2020 Web Application Vulnerability Report emphasizes the importance of web vulnerability scanning. Issues discovered by scanners such as Acunetix can have serious consequences and lead to server-side sensitive data exposure including user account compromise, credit card information theft, security breaches of back-end databases, as well as client-side attacks on user’s browsers.
Get the latest content on web security
in your inbox each week.