A new survey shows that while 75% of organizations have made strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerization, and 78% have increased their security budgets, only 2% of industry experts are confident in their security strategies.

The 2023 State of Web Application Security report by OPSWAT, utilized responses from an online survey of more than 400 executive leaders, managers and senior contributors.

In today's evolving landscape of web application security, organizations are looking to adapt and fortify their infrastructure, particularly with the rise of hybrid work environments. Recognizing the need for enhanced productivity and scalable solutions, most organizations have embraced public cloud hosting for their web applications, with 97% already employing or planning to implement containerization.

The use of applications utilizing storage services has also increased with these infrastructure upgrades, elevating concerns around file-based malware.      

Key report highlights

• 62% of organizations use five or less antivirus engines to detect malicious file uploads. This indicates a potential vulnerability, as deploying more engines can significantly strengthen an organization's defense against advanced malware.  
• Large organizations are more likely to use Content Disarm and Reconstruction (CDR). This trend can be attributed to the higher volume of files handled by these organizations, making them more susceptible to cyberattacks. However, small and medium-sized organizations can also greatly benefit from adopting CDR as a proactive measure against evolving cyber threats.
• 98% of organizations would benefit from additional prevention-based approaches. These include periodic analysis of all file repositories in their web applications for malware, detection of vulnerabilities in running virtual machine containers and prevention of data exfiltration by redacting or blocking sensitive data.