Study Reveals Top Vulnerabilities in Corporate Web Applications

A recent study conducted by Kaspersky Security Assessment experts has revealed the most prevalent vulnerabilities in corporate web applications developed in-house.
Spanning the years between 2021 and 2023, the study identified numerous flaws, predominantly in the realms of access control and data protection, across a significant number of applications.
Of particular concern were SQL injection vulnerabilities, which made up the highest proportion of the high-risk vulnerabilities discovered.
These web applications serve as integral components of organizations' online infrastructure, facilitating various services and interactions with users.
Vulnerabilities in these applications pose significant risks to enterprises, potentially exposing sensitive data or allowing unauthorized access.
Among the vulnerabilities identified, access control flaws and failures in data protection were the most prevalent, affecting 70% of the applications examined during the study period.
These vulnerabilities can lead to unauthorized access or the exposure of sensitive information, emphasizing the need for robust security measures.
Oxana Andreeva, a security expert at Kaspersky, highlighted the significance of considering the potential consequences of these vulnerabilities, which vary in severity.
Weak user passwords also posed a significant risk, with 78% of the vulnerabilities in this category rated as high-risk.
Notably, despite the prevalence of weak passwords, only 22% of web applications studied were found to have this vulnerability, suggesting potential gaps between test versions and live systems.
The study's findings, which align with the OWASP Top Ten rating categories, underscore the importance of addressing these vulnerabilities to safeguard sensitive data and protect web applications and associated systems from compromise.
To mitigate these risks, the Kaspersky Security Assessment team recommended implementing secure software development practices, conducting regular security assessments and deploying monitoring mechanisms to detect and respond to potential threats promptly.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 12 Mar 2024 17:45:32 +0000

