New Invicti Research: Vulnerabilities on the Rise; Public Sector Particularly at Risk
Saturday, April 9, 2022
Data from 23.6B security checks underscores need for comprehensive application security approach, with 1/3 of Government and Education organizations still at risk of SQL injection in 2021
AUSTIN, Texas, April 5, 2022 /PRNewswire/ -- Invicti Security(TM) today released its Spring 2022 AppSec Indicator, which reveals a rise in severe web vulnerabilities and the need for executive leaders to intertwine their application security and digital transformation efforts to reduce risk. The report examines web vulnerabilities from over 939 Invicti customers worldwide and was derived from the largest data set yet, with more than 23 billion security checks executed on customer applications uncovering over 282,000 direct-impact vulnerabilities.
The data shows that numerous commonplace and well-understood vulnerabilities continue to proliferate in web applications, and the continued presence of these vulnerabilities presents a serious risk to organizations in every industry. Among the findings:
-- Remote code execution (RCE), cross-site scripting (XSS), and SQL injection (SQLi) are all top offenders, each increasing in frequency or hovering around the same alarming numbers year over year. These vulnerabilities can lead to consequences such as compromised back-end data, hijacked sessions, or forced actions on behalf of other users and services.
-- Remote code execution, always the ultimate goal of malicious attackers but now especially prominent due to last year's Log4Shell vulnerability, has seen a steady increase since 2018, jumping 5% in frequency.
-- After a slight improvement in 2020, cross-site scripting (XSS) backslid in 2021, with its incidence rising 6% year over year.
-- Two industry sectors saw above-average SQL injections. 35% of educational institutions and 32% of government organizations experienced at least one occurrence of SQLi, reflecting that legacy code still in production in these industries needs modernization, and knowledge gaps for developers should be addressed.
Direct-impact vulnerabilities simply aren't reducing in frequency, but there are foundational elements to every AppSec program that can improve security posture. For many organizations without adequate security measures, the persistence of vulnerabilities can be attributed to failures in secure design, a lack of comprehensive scanning, and the prevailing talent gap in cybersecurity. While these stressors increase risk, organizations that adopt a proactive and comprehensive approach to application security, prioritizing secure design, baking security into the very architecture of applications, and scanning their entire application footprint, will reduce risk significantly.
"Once again, we've seen that even well-known vulnerabilities are still prevalent in web applications," said Invicti president and COO Mark Ralls. "It's time for organizations to gain command of their security posture. The only way to do that is to ensure that security is in the DNA of an organization's culture, processes, and tooling so that innovation and security go hand-in-hand."
You can read the full report here and register for the upcoming webinar with Mark Ralls on April 7 at 10 AM CT, which will explore the report's findings and discuss real-world approaches to regain control.
About Invicti Security
Invicti Security is transforming the way web applications are secured. An AppSec leader for more than 15 years, Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti provides a comprehensive view of an organization's entire web application portfolio, and powerful automation and integrations enable customers to achieve broad coverage of even thousands of applications. Invicti is headquartered in Austin, Texas, and serves more than 3,500 organizations of all sizes all over the world. For more information, visit our website or follow us on LinkedIn.
CONTACT:
Jodi Holzband
Jodi@classicbart.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/new-invicti-research-vulnerabilities-on-the-rise-public-sector-particularly-at-risk-301516894.html
SOURCE Invicti Security