Synopsys
Synopsys Appoints Ann Minooka as Chief Marketing Officer
Synopsys, Inc. (Nasdaq: SNPS) today published the “Software Vulnerability Snapshot: The 10 Most Common Web Application Vulnerabilities.” The report examines the results of 4,300 security tests conducted on 2,700 software targets, including web applications, mobile applications, source code files, and networks systems (i.e., software or systems). The majority of the security tests were intrusive “black box” or “gray box” tests, including penetration testing, dynamic application security testing (DAST), and mobile application security testing (MAST), designed to probe running applications as a real-world attacker would.
This year’s Software Vulnerability Snapshot report examines prevalence of vulnerabilities identified by Synopsys Application Security Testing Services and Synopsys Cybersecurity Research Center
Eighty-two percent of the test targets were web applications or systems, 13% were mobile applications, and the remainder were either source code or network systems/applications. Industries represented in the tests included software and internet, financial services, business services, manufacturing, consumer services, and healthcare.
In the 4,300 tests conducted, 95% of the targets were found to have some form of vulnerability (a 2% decrease from last year’s findings). Twenty percent of the targets had high-risk vulnerabilities (a 10% decrease from last year), and 4.5% had critical vulnerabilities (a 1.5% decrease from last year).
The results demonstrate that the best approach to security testing is to utilize the wide spectrum of tools available including static analysis, dynamic analysis, and software composition analysis to help ensure an application or system is free from vulnerabilities. For example, 22% of the total test targets had some exposure to a cross-site scripting (XSS) vulnerability, one of the most prevalent and destructive high-/critical-risk vulnerabilities impacting web applications. Many XSS vulnerabilities occur when the application is running. The good news is that the exposure identified in this year’s findings were 6% lower than last year’s findings—meaning that organizations are taking proactive measures to mitigate XSS vulnerabilities in their production applications.
“This research underscores that intrusive black box testing techniques like DAST and pen testing are particularly effective for surfacing exploitable vulnerabilities in the software development lifecycle and should be part of any well-rounded application security testing regimen,” said Girish Janardhanudu, vice president, security consulting at Synopsys Software Integrity Group.
Additional report highlights
To learn more, download the “Software Vulnerability Snapshot: The 10 Most Common Web Application Vulnerabilities” or read the blog post.
About the Synopsys Software Integrity Group
Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software. Learn more at www.synopsys.com/software.