A report recently released by Positive Technologies found vulnerabilities in every web app it tested.  These apps contained large amounts of custom code developed especially for the companies that own them.  In terms of severity, 94% of these web apps contained at least one high-severity vulnerability.  Findings like these make an organization’s website a critical weak point for attacks.

Greatest Risk in Finance Web Apps

Finance web applications made up 46% of the web apps tested.  A high-severity vulnerability was found in every single banking or financial web app tested.  Hackers target financial and government web apps more than others, which makes that figure even more alarming.  A lot of complexity goes into creating a financial web app, making it more likely that bugs exist in the code without being found.  Coming in behind financial apps, 83% of government web apps and 75% of e-commerce web apps contained vulnerabilities.

Greatest Threat is Attacks on Users

Vulnerabilities that target users of these web applications pose the greatest risk.  Of the vulnerabilities found in the tested apps, 85% provided a means for an attacker to target users.  These attacks include cross-site scripting, HTTP response splitting, open redirect, and cross-site request forgery.  Cross-site scripting opens web application users up to phishing attacks or can be used to install malware on the user’s computer.

What Can You Do?

If you’re a web developer working on a custom web application, perform thorough testing on your work.  Since most people reading this article are likely only users, there’s only so much you can do.  Users should research the company providing the web application, its security policies, and how it handles data breaches.  Only hand over your personal data to companies that you know are reputable.

Lastly, on your end, make sure that you have security software and hardware installed to block attacks before they start.  Pit Crew IT Services can help you if you’re not sure where to begin.