A recent study conducted by Kaspersky Security Assessment experts has revealed the most prevalent vulnerabilities in corporate web applications developed in-house.
Spanning the years between 2021 and 2023, the study identified numerous flaws, predominantly in the areas of access control and data protection, across a significant number of applications. Of particular concern were vulnerabilities related to SQL injection, which constituted the largest share of high-risk vulnerabilities discovered.
These web applications serve as integral components of organizations' online infrastructure, facilitating various services and interactions with users. Vulnerabilities in these applications pose significant risks to enterprises, potentially exposing sensitive data or allowing unauthorized access.
Among the vulnerabilities identified, access control flaws and failures in data protection were prevalent, found in 70% of the applications examined during the study period. These vulnerabilities can lead to unauthorized access or the exposure of sensitive information, emphasizing the need for robust security measures.
Oxana Andreeva, a security expert at Kaspersky, highlighted the importance of considering the potential consequences of these vulnerabilities, which vary in severity.
"For instance, one vulnerability might allow attackers to steal user authentication data, while another could help execute malicious code on the server, each with varying degrees of consequences for business continuity and resilience," Andreeva said.
"Our rankings reflect this consideration, drawing from our practical experience in conducting security assessment projects."
Weak user passwords also posed a significant risk, with 78% of vulnerabilities falling into this category classified as high-risk. Notably, despite the prevalence of weak passwords, only 22% of the web applications studied were found to have this vulnerability, suggesting potential gaps between test versions and live systems.
The study's findings, which align with the OWASP Top Ten ranking categories, underscore the importance of addressing these vulnerabilities to safeguard sensitive data and protect web applications and associated systems from compromise.
To mitigate these risks, the Kaspersky Security Assessment team recommended implementing secure software development practices, conducting regular security assessments and deploying monitoring mechanisms to detect and respond to potential threats promptly.