New research from Positive Technologies has discovered that almost half (48%) of web applications are vulnerable to unauthorized access, with 44% placing users’ personal data at risk of theft.
What’s more, 70% of the apps Positive Technologies tested proved susceptible to leaks of critical information, whilst attacks on users are possible in 96% of them.
In fact, every app the firm assessed contained vulnerabilities of some sort, with 17% having vulnerabilities that would allow an attacker to take full control over the app.
The majority of detected vulnerabilities (65%) were a result of errors in application development – such as coding errors – with incorrect configuration of web servers accounting for a third of them.
However, the research did discover the percentage of web apps with critical vulnerabilities (52%) had declined for the second year in a row, down from 58% the previous year.
“Web application security is still poor and, despite increasing awareness of the risks, is still not being prioritized enough in the development process,” said Positive Technologies analyst Leigh-Anne Galloway. “Most of these issues could have been prevented entirely by implementing secure development practices, including code audits from the start and throughout.”
Speaking to Infosecurity, Eoin Keary, founder and CEO of edgescan, agreed that steps need to be taken to improve application layer security.
“DevSecOps needs to be embraced such that security is throughout the development pipeline,” he said. “Application component security management (software components used by developers) is still not commonplace in terms of supporting frameworks and software components and is a common source of vulnerability.”