
Web Application Vulnerability Statistics of 2012

Research done on 300+ customers, 5000+ applications

HOW WAS THE STUDY CONDUCTED?
The study was conducted on the vulnerability data of web applications tested by iViZ in 2012. In total, vulnerability data from more than 5000 applications belonging to 300+ customers distributed globally was considered as part of the sample data. Our study comprised 25% apps from Asia, 25% apps from Europe and 40% apps from the USA.

KEY FINDINGS OF OUR STUDY
99% of web applications have at least 1 vulnerability
90% of hacking incidents are not reported publicly
82% of web applications have at least 1 high/critical vulnerability
30% of the hacked organizations knew the vulnerability beforehand

RETAIL IS MOST VULNERABLE, BANKING IS MOST SECURE INDUSTRY VERTICAL
[Chart: average number of vulnerabilities per application, by industry: Retail 56, Education 51, IT 35, Healthcare 32, Telecom 29, Manufacturing 27, with BFSI lowest]

35 IS THE AVERAGE NUMBER OF SECURITY VULNERABILITIES PER WEBSITE
[Chart: average number of vulnerabilities by website size: Large, Medium, Small]

CROSS SITE SCRIPTING IS THE #1 APPLICATION VULNERABILITY
Top 5 application vulnerabilities, by percentage of websites containing the type of vulnerability:
Cross Site Scripting: 65%
Information Leakage: 51%
Content Spoofing: 31%
Insufficient Authorisation: 26%
Cross Site Request Forgery: 25%

THE CUSTOMER APPS FROM US AND EUROPE HAD LOWER VULNERABILITY DENSITY COMPARED TO THE CUSTOMER APPS FROM APAC
[Chart: vulnerability density by region: United States, Europe, Middle East, Asia Pacific]

CORRELATION COEFFICIENT 0.2
iViZ observed very low correlation between security and compliance. This once again proves that compliance and security are not synonymous.

BUSINESS LOGIC FLAWS WERE THE MOST NEGLECTED VULNERABILITIES AND HAVE THE HIGHEST BUSINESS IMPACT
5 common business logic flaws:
Weak password recovery
Abusing discount logic or coupons
Denial of service using business logic
Price manipulation
OTP (One Time Password) bypass

300+ global enterprises use iViZ's cloud-based Application Penetration Testing: Zero False Positive Guarantee, Business Logic Vulnerability Testing, Unlimited Testing at Flat Fee.

shared by iviztech on Feb 22
With years of experience and valuable insights of our cloud based application security testing, the prevailing website vulnerability trends are discovered. The study is based on our original research ...

Publisher

iViZ

Category

Computers