Security

10 most common vulnerabilities in web apps

A new report from Positive Technologies reveals vulnerabilities found most often in web apps.

A Tuesday report from Positive Technologies revealed startling statistics about the safety of personal information in different web applications—70% are vulnerable to critical data leaks

The study also found that hackers could access personal data in 44% of the web apps tested. This includes personalized data from apps in industries like finance, e-commerce, and telecom.

The report found that all of the applications tested contained vulnerabilities— some of higher severity than others.

SEE: Cybersecurity in 2018: A roundup of predictions (Tech Pro Research)

Positive Technologies found the following 10 most common vulnerabilities in its research:

  1. Cross-site scripting - 74%
  2. Fingerprinting - 61%
  3. Information leakage - 52%
  4. Brute force - 52%
  5. Cross-site request forgery - 39%
  6. SQL injection - 26%
  7. URL redirector abuse - 17%
  8. OS commanding - 9%
  9. XML external entities - 9%
  10. Path traversal - 9%

Some 48% of tested web applications were not protected from unauthorized access. Additionally, the ability to gain full control was available in 17% of tested applications.

So, why are all of these apps vulnerable to hackers? According to the report, 65% of the vulnerabilities are due to coding errors. An additional third of the errors were due to incorrectly configured web servers, the report said.

"Web application security is still poor and, despite increasing awareness of the risks, is still not being prioritized enough in the development process," Positive Technologies cybersecurity resilience lead, Leigh-Anne Galloway, said in the report. "Most of these issues could have been prevented entirely by implementing secure development practices, including code audits from the start and throughout."

The big takeaways for tech leaders:
  • A new report from Positive Technologies claims that 44% of web apps allow hackers to access personal data.
  • All web apps contain vulnerabilities, with cross-site scripting, fingerprinting, and information leakage being the most common.

Also see

webappsec.jpg
Image: iStockphoto/welcomia

About Laurel Deppen

Laurel Deppen is the 2018 summer Editorial Intern for TechRepublic. She is a student at Western Kentucky University.

Editor's Picks

Free Newsletters, In your Inbox