A new study on Web application vulnerabilities by security software firm Contrast Security shows that sensitive data exposure affects 69% of these applications and is responsible for 26% of all vulnerabilities.
Some 80% of applications contain at least one flaw, with an average of 45 vulnerabilities per application: 55% are affected by cross-site request forgery and 37% suffered from security misconfiguration.
"All of these vulnerabilities have been documented in the OWASP (Open Web Application Security Project) Top Ten for over a decade, yet they're obviously still a major problem," said Jeff Williams, co-founder and CTO of Contrast Security.
On comparing application vulnerabilities across Java and .NET, researchers discovered that cross-site request forgery had a higher occurrence rate in Java applications (69%) as compared to .NET (31%). Additionally, .NET applications suffered from fewer injection flaws (17%) than Java (38%).
"Insecure code has become the leading security risk and, increasingly, the leading business risk as well," Williams said.
The full survey is here.