20 Website Security Stats from 2016

Posted Date: August 30, 2016
Posted Time: 3 min read

What a year it has been so far. With millions of records stolen and thousands of dollars spent recovering from breaches and downtime, what can we learn about this year's website security lapses? Indusface brings you the most influential security numbers from the year so far.

Data Breaches

1. More than 27 million records have been stolen in 622 breach incidents so far this year.

2. Over 43% of all data breaches targeted the business sector.

3. ADP, one of the largest providers of human resources management software and services, faced the biggest breach, affecting 640,000 companies. Hackers were able to access users’ personal data through a vulnerable customer portal.

4. The average consolidated total cost of a data breach is $4 million; this includes the cost of lost business, brand reputation damage, and so forth.

5. This year’s average cost incurred for each lost or stolen record has jumped to $158 as opposed to $154 last year.

Observations: In just eight months, global companies have lost more than 27 million personal records. Businesses are definitely at higher risk because of the financial and competitive incentives in the sector, and they need strong mechanisms to secure their data. Every publicly declared breach leads to loss of business and reputation damage.

Layer 7 DDoS Attacks

6. Today, browser-based bot DDoS attacks can bring down an average server with fewer than 1000 requests per second.

7. In most recent attacks, website security experts have found that the bots are capable of accepting cookies and even executing JavaScript to mimic human behavior.

8. The cost of mounting an application-layer DDoS attack has dropped significantly over the last few years.

9. It can take up to 15 employees to mitigate DDoS attacks.

10. Application-layer DDoS can also last for days.

Observations: Traditionally, companies were wary only of Layer 4 (network) distributed denial-of-service attacks. However, Layer 7 (application) DDoS has emerged as a prominent automated attack threat that abuses limits in server application memory and performance. It does not require the same level of skill or resources as a network-layer attack.


Application Layer Vulnerabilities

11. SQL Injection is the most common ‘Critical’ vulnerability found by Indusface Web Application Scanning.

12. Amongst ‘High’ severity vulnerabilities, 91% were Cross-Site Scripting.

13. SANS Institute’s State of Application Security 2016 reports Java and .Net as the riskiest languages by the number of vulnerabilities found in them.

14. It also claims that 25% of businesses take 8 to 30 days to patch a vulnerability.

15. Only 13% use virtual patching, while 51% wait until the root cause is found and then patch it there.

16. A mere 11% of companies are satisfied with the speed of their vulnerability repair.

17. 38% of respondents chose a lack of app sec skills, tools, and methods as the biggest challenge.

18. Also, 37% chose lack of funding or management buy-in as the biggest challenge.

19. More than half of the companies find 1-25 vulnerabilities in their application.

20. Surprisingly, 6.5% of companies report more than 1000 vulnerabilities monthly in the same report.

Observations: The application layer is one of the most cited reasons behind sensitive information exposure and website downtime. Companies simply cannot invest massive amounts in website penetration testing and scanning to find vulnerabilities and then wait for the root cause to be fixed.

Additionally, businesses need to differentiate between server vulnerabilities within their applications and business logic flaws, which are unique to each application. Attackers now use automated techniques to exploit logic issues for credential stuffing, carding, and more. Ironically, these severe business logic flaws aren’t listed in the OWASP Top 10 or in any other top-issue list or dictionary.


Data Sources:

  • Indusface Total Application Security Data
  • Indusface Blog
  • SANS Institute State of Application Security 2016
  • Identity Theft Resource Center Stats
  • Kaspersky DDoS Intelligence Report


Venkatesh Sundar

Venky is an application security technologist who built the new-age web application scanner and cloud WAF, AppTrana, at Indusface as Founding CTO. Currently, he spends his time driving the product roadmap, customer success, growth, and technology adoption for US businesses.
