Invicti Security™, known for acquiring and combining AppSec pioneers Netsparker and Acunetix released the findings of its annual Spring AppSec Indicator Report.
As a pioneer in dynamic application security testing (DAST), interactive application security testing (IAST), and software composition analysis (SCA), Invicti Security commissioned the report to assess the impact and prevalence of modern web vulnerabilities.
Report findings
The Spring AppSec Indicator Report examines data from over 1.7 million scans and 1,700 Invicti customers and shares insights and trends to guide best practices in vulnerability identification and remediation.
Highlights include:
- Scanning is steadily increasing, up 50% from 2019 to 2022, as customers are scanning their web applications and APIs more often.
- The percentage of scans with a severe vulnerability declined 19% year over year. After steady increases in prior years, the percentage of scans with severe vulnerabilities declined by 19% from 2021 to 2022.
- Remote code execution (RCE) vulnerabilities show a significant increase, with the average percentage of apps with RCE flaws up 40% since 2022.
- The percentage of scans with severe cross-site scripting (XSS) vulnerabilities continues to decline, dropping 12% from 2021 to 2022.
Continuous security testing
Organisations are scanning a greater portion of their attack surface for vulnerabilities more frequently"
“This spring’s AppSec Indicator Report unveiled a key trend: Organisations are scanning a greater portion of their attack surface for vulnerabilities, and scanning them more frequently,” said Invicti’s Chief Product Officer, Sonali Shah.
“By automating testing of their web applications and APIs in development and production and quickly remediating issues found, companies are reducing the risk of a data breach. Continuous security testing is an indispensable feature of a successful AppSec programme.”
Report discussion
The report will be discussed in-depth at the 2023 RSA Conference. If attending, visitors can register to meet the team at booth #N-6265 or attend Invicti’s session, “2023 Vulnerability trends: a Deep Dive to Improve AppSec Programs,” at the Expo Briefing Center booth N-6545 on April 25th at 12:20 PM PT.
The company will also host a webinar about the AppSec Indicator’s findings on May 18th.
Learn why leading casinos are upgrading to smarter, faster, and more compliant systems
- Network / IP
- Remote surveillance
- Remote video surveillance
- Application security
- Industrial security
- Remote security
- Commercial security
- Security management
- Security policy
- Security devices
- Security installation
- Security tagging
- Security monitoring system
- Video analytics
- Remote video monitoring
- Industrial security systems
- Security software
- Security service
- Industrial surveillance
- Integration software
- Cyber security
- Crime prevention
- Crowd Management
- Corporate Security
- Central Monitoring
- Data Security
- Warning Devices
- Cloud security
