[Synopsys IP Resources] 97% of tested applications have security vulnerabilities. Is your software secure?
Synopsys recently released the "2021 Software Vulnerability Snapshot: An Analysis by Synopsys Application Security Testing Services" (hereinafter referred to as the report).
The report shows that out of 3,900 tests, 97% of the targets tested had some form of vulnerability, of which 30% were high-risk vulnerabilities and 6% were serious-risk vulnerabilities. The results show that the best approach to security testing is to use widely available tools to help ensure that applications or systems are free of vulnerabilities.
28% of test targets have been attacked by cross-site scripting (XSS). XSS is one of the most common and damaging critical-risk vulnerabilities affecting web applications. Many XSS vulnerabilities only appear when the application is running.
76% of the tested targets had vulnerabilities from the 2021 OWASP (Open Web Application Security Project) Top 10. Application and server configuration errors account for 21% of these and fall under the category OWASP A05:2021-Security Misconfiguration. Another 19% of the vulnerabilities fall under the category OWASP A01:2021-Broken Access Control.
The two major risks for mobile applications are insecure data storage and insecure communication. In mobile device security testing, 80% of the vulnerabilities are related to insecure data storage, which attackers can reach either through physical access to the mobile device or by using malware to get into the device. Another 53% of the vulnerabilities are related to insecure communication methods.