Fullstack Vulnerability Management to detect weaknesses across web applications and supporting hosts. Continuous Vulnerability Assessment coupled with expert human intelligence - Virtually False Positive Free.
Full Stack Security: Websites, apps (mobile/web/cloud), software, servers and networks, with over 57,000 assets under vulnerability management. Edgescan is a listed "notable vendor" in Gartner’s Magic Quadrant for Managed Security Services and a “sample vendor” in the Gartner Application Security Hype Cycle.
At The Edge Column is Made Possible by the Generosity of Edgescan.
We are ever so grateful for your support!
App layer is where the risk lives:
In 2018 we discovered that, on average, 19% of all vulnerabilities were associated with (Layer 7) web applications, APIs, etc., and 81% were network vulnerabilities.
The Risk Density is still high and has not changed significantly from last year's report.
Even though we find more vulnerabilities in the infrastructure layer, the risk is certainly living in the application layer. This is due to the “snowflake effect”: every application is unique, developed in a standalone fashion and serves a unique purpose, as opposed to infrastructure, which is commoditised and much more uniform.
Change and uniqueness certainly introduce additional risk. Internal, non-public application layer security is worse; 24.9% of all discovered vulnerabilities are High or Critical Risk.
"Zeroday" Vulnerabilities are a myth for the most part:
Most of the vulnerabilities discovered are from between 2011 and 2015. Believe it or not, the majority of vulnerabilities discovered out there are between four and seven years old. According to the Verizon DBIR (2018), the majority of breaches are also a result of exploitation of old, known vulnerabilities!
Listen to Eoin and Rahim Talk About The 2019 Report Findings
Eoin Keary, Edgescan CEO, Tells Their Story
"Security is everybody’s problem now," says Eoin. "It is getting attention at the board level; you need to get yourself into these meetings, and you need to be prepared to present metrics."