Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity

This article covers some amazing statistics on what category of vulnerabilities we commonly report across 100s of customers, and how we reduce compliance times and turn around time to reporting critical vulnerabilities.
In a different article, we will also share some research on how our red teaming and app sec teams found clever ways to exploit vulnerabilities and provide some amazing value to our customers.
As we dive deeper, we confront the fading allure of low-hanging fruits - vulnerabilities that were once exploited with ease - and examine the reasons behind their gradual decline.
In the rapidly evolving world of cybersecurity, the trends and vulnerabilities witnessed in penetration testing reflect the changing dynamics of web applications and their security postures.
As we analyze our data from 2023, a notable trend emerges: the gradual decline of traditional vulnerabilities like Cross-Site Scripting and SQL Injection, contrasted by the rise in complex issues such as Privilege Escalations, Insecure Direct Object References, Server-Side Request Forgery, business logic errors, and Server-Side Template Injection.
Easy to identify and exploit, these vulnerabilities have been the bane of web applications for years.
Our data indicates a significant downturn in these vulnerabilities.
While the traditional vulnerabilities are on the decline, we are witnessing an uptick in more sophisticated security challenges.
Applications developed within the last five years, particularly those using newer frameworks and technologies, are less prone to traditional vulnerabilities.
Frameworks like Next.js and React enforce secure defaults and encourage patterns that reduce the risk of common vulnerabilities.
According to our data, XSS vulnerabilities have seen a reduction of approximately 25% in modern web applications compared to those developed five years ago.
SQL Injection vulnerabilities have decreased by around 40% in newer applications.
Over the past year, our platform and team have facilitated a 40% reduction in the time-to-remediation for critical vulnerabilities, a benchmark that significantly outpaces the industry average.
In 2023, our team identified and helped remediate of over 700 critical vulnerabilities across applications, networks and the cloud.
The critical vulnerabilities are really critical and could have allowed a bad actor to compromise the customer's infrastructure or even exfiltrate PII information.
Fintech: Fintech firms benefited from our targeted test cases, where we discovered critical API vulnerabilities at a rate of 15% wherein we discovered unauthorized API calls, business logical issues and more.
Blockchain Companies: For blockchain entities, smart contract vulnerabilities were a focus, with Strobes PTaaS identifying critical flaws that could have led to significant financial losses, at a rate 15% higher than seen via traditional security measures.
Healthcare: In healthcare, we've reduced the average detection time for HIPAA non-compliance issues by 50%, ensuring customers fix vulnerabilities in time and always are in compliance.
Vulnerability Tracking and Prioritization: Unlike traditional penetration testing, which can be sporadic and inconsistent, Strobes provides continuous vulnerability tracking.
The use of automated tools also means that vulnerabilities are scanned and identified swiftly, enabling faster remediation and contributing to overall cost savings.


This Cyber News was published on securityboulevard.com. Publication date: Mon, 18 Dec 2023 11:13:05 +0000


Cyber News related to Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity

Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity - This article covers some amazing statistics on what category of vulnerabilities we commonly report across 100s of customers, and how we reduce compliance times and turn around time to reporting critical vulnerabilities. In a different article, we ...
1 year ago Securityboulevard.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
1 year ago Securityboulevard.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
7 months ago Feeds.fortinet.com
How workforce reductions affect cybersecurity postures - In its State of Pentesting Report, Cobalt reveals an industry struggling to balance the use of AI and protecting against it, while facing significant resource and staffing constraints. Pentesting plays a key role in addressing this challenge, ...
7 months ago Helpnetsecurity.com
Cybersecurity Curriculum Development Tips - In this article, we will explore essential tips for developing a comprehensive and up-to-date cybersecurity curriculum. By staying abreast of the latest industry trends, educational program developers can ensure that their curriculum remains relevant ...
1 year ago Securityzap.com
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
11 months ago Securityzap.com
Gamification in Cybersecurity Education - Gamification has become increasingly prevalent in numerous domains, including cybersecurity education. Gamification presents a promising approach to meet this challenge, making cybersecurity education both effective and enjoyable. One way to ...
1 year ago Securityzap.com
How to become a cybersecurity architect - Cybersecurity architects implement and maintain a comprehensive cybersecurity framework to protect their company's digital assets. The cybersecurity architect position is a fundamental role that all organizations need, said Lester Nichols, director ...
6 months ago Techtarget.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
10 months ago Legal.thomsonreuters.com
Cybersecurity Curriculum Development Tips for Schools - With the constant threat of cyber attacks, schools must prioritize the development of a robust cybersecurity curriculum to equip students with the necessary skills and knowledge. This article provides valuable insights and tips for schools aiming to ...
11 months ago Securityzap.com
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
1 year ago Securityzap.com
The Dual Role AI Plays in Cybersecurity: How to Stay Ahead - There's a wide range of AI-enabled solutions available for various business use cases, and organizations are increasingly recognizing their value. According to a survey, 33 percent of organizations are currently leveraging generative AI in at least ...
11 months ago Bleepingcomputer.com
What the cybersecurity workforce can expect in 2024 - For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study. ...
11 months ago Securityintelligence.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
Cybersecurity Training for Business Leaders - This article explores the significance of cybersecurity training for business leaders and its crucial role in establishing a secure and resilient business environment. By examining the key components of effective training programs and the ...
11 months ago Securityzap.com
Digital Learning Tools for Cybersecurity Education - In the field of cybersecurity education, digital learning tools have become indispensable. This article explores various digital learning tools tailored specifically to cybersecurity education. These digital learning tools play a crucial role in ...
1 year ago Securityzap.com
How to Avoid Falling Below the Cybersecurity Poverty Line - The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy ...
1 year ago Csoonline.com
Key cybersecurity skills gap statistics you should be aware of - As the sophistication and frequency of cyber threats continue to escalate, the demand for skilled cybersecurity professionals has never been bigger. The skills gap is not merely a statistical discrepancy; it represents a substantial vulnerability in ...
11 months ago Helpnetsecurity.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
1 year ago Darkreading.com
Beyond Mere Compliance - Too often we continue to see executives whose approach to cybersecurity - compliance rather than protection - is strikingly similar to that of the ill-advised business owner whose minimal fire protection is designed only to meet the building code. ...
1 year ago Cyberdefensemagazine.com
Developing Cybersecurity Awareness Programs for Schools - Schools are increasingly becoming targets for cyberattacks, necessitating the development of robust cybersecurity awareness programs. Ultimately, a comprehensive cybersecurity awareness program is essential for schools to mitigate risks, enhance ...
11 months ago Securityzap.com
Eight Cybersecurity Trends To Watch For 2024 - Michelle Drolet is CEO of Towerwall, a specialized cybersecurity firm offering compliance and professional cybersecurity solutions. In 2024, for cybersecurity, we're entering an era where advanced AI tools and intricate social engineering tactics are ...
1 year ago Forbes.com
Navigating the Cybersecurity Skills Gap in Critical Infrastructure - Addressing the cybersecurity skills gap stands out as a paramount challenge in fortifying companies' cyber resilience today. Transforming the educational system to align with the modern requirements of cybersecurity professionals or retraining ...
10 months ago Cybersecurity-insiders.com
Cybersecurity Workshops for Students - Cybersecurity workshops for students serve as an effective means to educate and empower the younger generation in protecting their digital assets. With proper planning and organization, cybersecurity workshops enable students to navigate the digital ...
1 year ago Securityzap.com
Cybersecurity Training for Small Businesses - The importance of cybersecurity training for small businesses cannot be overstated in today's increasingly digital world. In conclusion, cybersecurity training is essential for small businesses to protect themselves against cyber threats. There are ...
10 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)