WhiteHat Security released AppSec Stats Flash Vol. 4, the latest installment of the company's monthly report and podcast reflecting on the current state of application security and the wider cyber threat landscape.

Key insights and additional details on this month’s statistical data and findings include: 

  • Window of Exposure (WoE) is a major concern as applications remain increasingly vulnerable across all industries. To improve these metrics, security and DevOps teams must take a holistic approach to identifying, prioritizing, and remediating these vulnerabilities in a manner that configures all changes with the development controls in process.
  • This month's data shows that public administration is now more vulnerable than manufacturing as an industry. We find that 71% of apps in the public administration space now have a WoE of a full year. This means that 71% of apps in public administration have at least one serious exploitable vulnerability open throughout the year.
  • If we look not only at public administration but the group of industries who historically have not been online as their primary business, compared to the group of industries who have a longer history of being online. If we look at this month’s WoE data in comparison to WoE data we released in Vol. 1., it’s interesting to see that that group that has more experience of being online is seeing relative improvement and the group that has less experience being online is seeing some negative trends in terms of an increasing WoE. 
  • Industries with Largest Window of Exposure
    • Public Administration - 71%
    • Manufacturing - 69%
      • WhiteHat Analysis: “The Window of Exposure for the public administration and manufacturing sectors increased to 71% of public administrator applications and 69% of manufacturing applications reporting at least one serious vulnerability over the last 12 months.” – Zach Jones, Senior Director of Detection Research at WhiteHat Security
  • Highest Vulnerability per Site - Cross Site Scripting - 2.1
  • Highest Vulnerability Likelihood (Percent of Sites) - Information Leakage - 34.3%
    • WhiteHat Analysis: “Data shows Cross-Site Scripting sites have on average 2.1 vulnerabilities per site related to information leakage.” – Zach Jones, Senior Director of Detection Research at WhiteHat Security
  • Remediation Rates by Class (Percent of Findings Remediated) - XPath Injection - 100%
  • Industries with the Highest Time to Fix (Days)
    • Educational Services - 395.8
    • Utilities - 389.9

For more findings, please visit https://www.whitehatsec.com/appsec-stats-flash/