A high proportion of web apps, in pretty much every industry, exhibit serious vulnerabilities at any given time, with the IT industry leading the way.
Those are the results of a new and extensive survey conducted by security firm WhiteHat Security. It analysed data collected from tens of thousands of websites using WhiteHat Sentinel, and published the findings in the yearly report entitled Web Applications Security Statistics Report.
The report covers 12 industries in total, but IT, with 17 vulnerabilities, education, with 15, and retail, with 13, are the most vulnerable.
The report also says that these industries are very slow to react to a discovered vulnerability. It takes approximately 250 days for IT and 205 days for businesses to remedy such vulnerabilities.
“We’ve observed that organisations have hundreds, if not thousands, of consumer-facing web applications, and each of these web apps has anywhere from five to 32 vulnerabilities,” said Tamir Hardof, Chief Marketing Officer, WhiteHat Security.
“This means that there are thousands of vulnerabilities across the average organisation’s web applications. While this number is overwhelming, risk ratings can really help security teams prioritise which vulnerabilities they work on fixing first. Unfortunately, what this year’s report tells us once again is that organisations are not really relying on risk levels as a baseline to inform their application security strategies.”
Across all industries, a number of apps are constantly vulnerable, including 60 per cent in IT, 50 per cent in retail, 47 per cent in healthcare, 41 per cent in financial services, and 40 per cent in banking.