OTTAWA, ON, Jan. 19, 2023 /PRNewswire/ - The media industry is at higher risk of cyber attack. According to the newly released State of Penetration Testing as a Service report, an average of 3.75 critical vulnerabilities were found for every MediaTech application tested in 2022. During the same period, the data & analytics industry came second with an average of 1.5 critical vulnerabilities found per client application. Across all industries, 0.9 critical vulnerabilities were identified per client application.
Critical vulnerabilities are the most severe form of application security risk, and include categories of vulnerabilities such as SQL injection (SQLi), remote code execution (RCE), command injections, and unauthorized administrative host/application access. The "OWASP Top 10" also defines a list of the most common and severe vulnerabilities facing software applications today.
Companies facing critical vulnerabilities are at high risk because these issues are easily exploitable and will have significant damaging effects if exploited by a malicious hacker. Negative consequences include unauthorized release of confidential information, access to sensitive customer data, and access that lets an attacker control internal systems. As such, most companies are advised to fix these within a maximum of 5 days after discovery.
Software Secured, an Ottawa-based penetration testing firm, released the report based on insights from its client testing in 2021 and 2022. The goal of the report is to help leaders of security and compliance teams understand the most prominent risks facing their software within the next year. The report includes explanations of the identified threats and recommendations for companies to stay ahead of hackers. Some other insights gained from the firm's reporting include:
- Increase in critical-level SQL injection attacks by 250% compared to 2021
- Increase in high-severity Denial of Service (DoS) attacks by 133% compared to 2021
- Cross-site scripting (XSS) findings remain the most common critical vulnerability for two years in a row
Penetration testing as a service (PTaaS) is a comprehensive security assessment that is proven to help companies secure their applications, significantly decreasing the likelihood of cyber attacks.
Download the full 2022 State of Penetration Testing as a Service report here.
For more information or questions, please visit us online at softwaresecured.com or contact us with the information below:
SOURCE Software Secured