Chances are high that almost every single application an organization uses has at least one security vulnerability in it.
Contrast Security recently analyzed telemetry gathered between June 2019 and May 2020 from applications in development, testing, and operations at customer locations. The exercise found 96% of applications contained at least one security bug — more than one-quarter of them serious. Eleven percent of the applications analyzed had six or more serious vulnerabilities.
As usual, cross-site scripting errors, broken access control, and SQL injection errors topped the list of serious vulnerabilities that Contrast’s researchers encountered. More than seven in 10 (72%) had insecure configuration vulnerabilities and 64% were vulnerable to sensitive data exposure.
Contrast’s research shows attackers are relentlessly probing for these vulnerabilities to try and break into applications. The company counted over 13,000 attacks per month on average against individual applications — 98% of which were just probes that did not hit an existing vulnerability. Contrast counted a sharp…
