DUBLIN, Jan. 29, 2018 /PRNewswire/ -- The report includes trends and observations based on assessing thousands of web applications and cloud and hosting environments over the 12 months to December 2017.
The most common vulnerabilities, their root causes and quick wins are all discussed in the report. Additional features in the 2018 report discuss security vulnerabilities from a compliance standpoint and offer advice on how to "change the game" and improve one's security posture.
Key points of the report:
- 20% of all vulnerabilities discovered in web applications are considered High or Critical Risk issues.
- 2% of all vulnerabilities discovered in hosting infrastructure are High or Critical Risk issues.
- 29% of all security weaknesses in the web application layer were due to insecure configuration & deployment.
- 45% of all security weaknesses in the hosting and network layers were due to poor cryptography and protection of sensitive data.
"Many of the cyber security weaknesses discovered are due to simple measures not being taken. This is not a result of unwillingness to be more secure, but in most cases it's rather a question of visibility and situational awareness. Our unique fullstack vulnerability management approach helps us track and measure cyber security weaknesses in a unique way, resulting in the annual report," says Eoin Keary, CEO of edgescan.
Many of the problems uncovered in 2016 and the year before are still present. In 2017 we experienced some major cybersecurity breaches, many of which were a result of a technical security issue as opposed to human error. Both large global organisations and governments were breached, resulting in millions of client records being stolen. Common vulnerabilities are still easy to find due to insecure programming practices.
"The majority of critical risks are still in the web application layer, many of which are a result of organisations using outdated and unpatched system components." - Owen Mooney, edgescan CTO.
edgescan provides fullstack vulnerability management for thousands of systems globally.
Combining advanced technology with consultant expertise, edgescan delivers web application and hosting/cloud environment security solutions that reduce risk, reduce cost and help ensure the deployment of secure applications, cloud platforms and hosting environments.
edgescan is a security-as-a-service platform providing dynamic application security testing (DAST) and host layer vulnerability management coupled with expert validation and support. As an Approved Payment Card Industry Security Vendor (PCI ASV), edgescan assists with both cybersecurity and compliance requirements for hundreds of clients globally.