Study Reveals Top Vulnerabilities in Enterprise Web Applications
A recent study conducted by Kaspersky Security Assessment experts revealed the most widespread vulnerabilities in in-house developed enterprise web applications.

Covering the years 2021 to 2023, the study identified numerous vulnerabilities, mainly in the areas of access control and data protection, in a significant number of applications. SQL injection vulnerabilities were of particular concern, making up the highest proportion of high-risk vulnerabilities discovered.
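To make the headline finding concrete, here is an added example (not code from the study or from Kaspersky) of the pattern behind most SQL injection findings: a lookup that splices user input into the query text, beside the same lookup done with a parameterized query. The table, user names and the hypothetical `lookup_user_*` functions are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table (not from the study)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """Vulnerable: the untrusted value becomes part of the SQL statement itself.

    Input such as  ' OR '1'='1  rewrites the WHERE clause into a tautology and
    the query returns every row, i.e. the whole user table leaks.
    """
    sql = f"SELECT username FROM users WHERE username = '{username}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, username):
    """Hardened: a parameterized query sends the value separately from the SQL.

    The driver never parses the value as SQL, so the same payload is simply a
    user name that does not exist and the query returns nothing.
    """
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_user_vulnerable(db, payload))  # all three users
    print("safe:      ", lookup_user_safe(db, payload))        # []
```

The hardened version is also the right fix when the input comes from a trusted-looking source such as a cookie or a hidden form field, because parameterization removes the whole class of bugs rather than filtering one payload.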

These web applications are an integral part of organizations’ online infrastructure, facilitating various services and user interactions. Vulnerabilities in these applications pose significant risks to businesses, potentially exposing sensitive data or allowing unauthorized access.

Among the vulnerabilities identified, access control flaws and data protection failures were predominant, found in 70% of the applications reviewed during the study period. These vulnerabilities can lead to unauthorized access or exposure of sensitive information, highlighting the need for robust security measures.
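As an added illustration of the access control category (this is example code, not from the study), the snippet below shows the most common shape of such a flaw: a handler that checks that the caller is logged in but never checks that the caller owns the record being requested, beside a fixed handler that does. The document store and the hypothetical `get_document_*` functions are constructed for the example.

```python
# Constructed sample data (not from the study): records owned by different users.
DOCUMENTS = {
    1: {"owner": "alice", "body": "alice's quarterly report"},
    2: {"owner": "bob", "body": "bob's salary sheet"},
}


def get_document_broken(current_user, doc_id):
    """Broken access control: any authenticated user can read any record.

    Returns an (http_status, body) pair the way a web handler would.
    Changing doc_id in the URL is enough to read another user's data.
    """
    if current_user is None:
        return 401, None
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return 404, None
    return 200, doc["body"]


def get_document_fixed(current_user, doc_id):
    """Fixed: authorization is enforced per object, not just per session.

    A record that is missing and a record owned by someone else both yield
    404, so a caller cannot enumerate which ids exist by probing them.
    """
    if current_user is None:
        return 401, None
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != current_user:
        return 404, None
    return 200, doc["body"]


if __name__ == "__main__":
    print("broken:", get_document_broken("alice", 2))  # (200, "bob's salary sheet")
    print("fixed: ", get_document_fixed("alice", 2))   # (404, None)
```

The ownership check belongs in the data access layer rather than in each handler, so that a new endpoint cannot forget it; the per-handler version above is kept minimal only to show the difference.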


Oxana Andreeva, security expert at Kaspersky, stressed the importance of considering the potential consequences of these vulnerabilities, which vary in severity.

“For example, one vulnerability could allow attackers to steal user authentication data, while another could help execute malicious code on the server, each with varying consequences for business continuity and resilience,” Andreeva said.

“Our rankings reflect this consideration, drawing on our practical experience in conducting security analysis projects.”

Weak user passwords also pose a significant risk, with 78% of vulnerabilities falling into this category being classified as high risk. Notably, despite the prevalence of weak passwords, only 22% of web applications studied had this vulnerability, suggesting potential discrepancies between test versions and live systems.

The conclusions of the study, which align with the OWASP Top 10 rating categories, highlight the importance of addressing these vulnerabilities to safeguard sensitive data and protect web applications and related systems from compromise.

To mitigate these risks, the Kaspersky Security Assessment Team recommended implementing secure software development practices, conducting regular security assessments, and deploying monitoring mechanisms to quickly detect and respond to potential threats.
