At least 50% of applications used in sectors such as construction, public services, healthcare, retail, education, and services of general interest contain one or more serious exploitable vulnerabilities, according to a new study by WhiteHat Security. The study links this to the shift to digital in most sectors over the last year, which has increased the number of applications in use.
The construction sector had the highest "window of exposure", with almost 70% of the applications used in the industry having at least one serious exploitable vulnerability, according to the report AppSec Stats Flash Volume 2, a monthly analysis launched this year.
The top five vulnerabilities recorded by WhiteHat over the past three months were information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection, and content spoofing.
The authors of the report noted that the effort and skill required to discover and exploit these vulnerabilities are quite low, which makes things easier for the "opponent".
According to Infosecurity Magazine, part of the problem seems to be the high average time required to resolve critical vulnerabilities, which was found to be 189 days across all industries. However, the 12-month average improved by five days compared to the previous month, down from 194 days. It is noteworthy that three sectors - education services, public administration and real estate - needed, on average, more than a year to correct critical vulnerabilities.
Setu Kulkarni, Vice President of WhiteHat Security, commented on the fact that 50% of applications have at least one exploitable vulnerability, noting the following: "In 2021, we have more detailed security and breach data than ever before. However, the security situation of the applications remains very worrying. No application has been created in the same way and therefore each presents a completely unique attack surface. This, combined with the fact that applications today are increasingly diverse with interfaces based on Internet, mobile and API, makes application security a multidimensional challenge."
The fact that at least 50% of applications have one or more exploitable vulnerabilities should be an immediate wake-up call for all sectors, so that measures can be taken to best address and prevent potential threats.