

According to a report by Synopsys, 97% of software and systems targets tested during 2020 were found to contain a vulnerability. Furthermore, 30% of the targets had high-risk vulnerabilities, which threat actors could exploit to access high-value resources, and 6% had critical-risk vulnerabilities, which could allow attackers to execute code and breach critical data on a web or mobile application or application servers.

Insecure data storage and communication vulnerabilities plague mobile applications. Eighty percent of the discovered vulnerabilities in the mobile tests were related to insecure data storage. These vulnerabilities could allow an attacker to gain access to a mobile device either physically (i.e., accessing a stolen device) or through malware. Fifty-three percent of the mobile tests uncovered vulnerabilities associated with insecure communications.

Moreover, application and server misconfigurations represented 21% of the overall vulnerabilities, 19% of the vulnerabilities identified were related to broken access control, and 28% of the total test targets had some exposure to cross-site scripting (XSS) attacks, which is one of the most prevalent and destructive vulnerabilities impacting web applications. Because many XSS vulnerabilities occur only when the application is running, the best approach to security testing is to leverage a broad spectrum of tooling solutions to ensure that an application or system is secure.

Synopsys Application Security Testing Services 2020 by the Numbers:
Number of test targets: 2,573
Number of tests: 3,937
Tests that uncovered vulnerabilities: 97%
Tests with high- or critical-severity vulnerabilities: 36%
Total number of vulnerabilities discovered: 28,501
Top vulnerability discovered: missing Content-Security-Policy header (52% of tests)
Top high-risk vulnerability discovered: stored cross-site scripting (XSS)
Top critical vulnerability discovered: SQL injection (3% of tests)
Types of tests: web app penetration testing (67%), web app dynamic analysis (16%), mobile app analysis (12%), source code analysis (2%), network security penetration testing (2%)


The industries represented in the tests included software and internet, financial services, business services, manufacturing, media and entertainment, and health care. Of the tested targets, 83% were web applications and systems, 12% were mobile apps, and the remainder were either source code or network systems or applications. Considering that these industries are heavily reliant on software, it’s crucial to prevent identified software vulnerabilities from severely impacting business.

The data were compiled from 3,937 tests performed by Synopsys security consultants during customer engagements. The tests included penetration testing, dynamic application security testing, and mobile application security analyses, all designed to confront running applications in the same fashion as a real-world attacker.

Read the full report by Synopsys.
