A recent study conducted by Kaspersky Security Assessment experts has revealed the most prevalent vulnerabilities in corporate web applications developed in-house.
Covering the period from 2021 to 2023, the study identified numerous flaws across a large number of applications, predominantly in access control and data protection. Of particular concern were SQL injection vulnerabilities, which made up the largest share of the high-risk vulnerabilities discovered.
These web applications serve as integral components of organizations’ online infrastructure, facilitating various services and interactions with users. Vulnerabilities in these applications pose significant risks to enterprises, potentially exposing sensitive data or allowing unauthorized access.
Among the vulnerabilities identified, access control flaws and failures in data protection were the most prevalent, found in 70% of the applications examined during the study period. These vulnerabilities can lead to unauthorized access or the exposure of sensitive information, emphasizing the need for robust security measures.
Oxana Andreeva, a security expert at Kaspersky, highlighted the significance of considering the potential consequences of these vulnerabilities, which vary in severity.
“For instance, one vulnerability could enable attackers to steal user authentication data, while another could help execute malicious code on the server, each with varying degrees of consequences for business continuity and resilience,” Andreeva said.
“Our rankings reflect this consideration, drawing from our practical experience in conducting security analysis projects.”
Weak user passwords also posed a significant risk: 78% of the vulnerabilities in this category were rated high-risk. Notably, despite the prevalence of weak passwords, only 22% of the web applications studied were found to have this vulnerability, suggesting potential gaps between the test versions assessed and live systems.
The study’s findings, which align with the OWASP Top Ten rating categories, underscore the importance of addressing these vulnerabilities to safeguard sensitive data and protect web applications and associated systems from compromise.
To mitigate these risks, the Kaspersky Security Assessment team recommended implementing secure software development practices, conducting regular security assessments and deploying monitoring mechanisms to detect and respond to potential threats promptly.