The State of Web Application Security Testing 2024
July 08, 2024

"In the modern IT ecosystem, each SaaS instance, DevOps service, and hardware device has a web interface. Generative AI is also now creating many more of these interfaces, resulting in thousands of exposed web applications for large enterprises. Despite this fact, most security teams only test monthly at best," said Rob Gurzeev, CEO and co-founder, CyCognito. "And when they do test, coverage is severely limited, ranging from 5% to 13%, due to outdated testing methods. This result is that many applications are left vulnerable. Our research clearly underscores that automating testing processes are absolutely critical to ensuring robust protection against evolving cyber threats."

The 2024 State of Web Application Security Testing report from CyCognito, based on a survey of 349 US and UK cybersecurity professionals, found the following:

Web application attack surfaces are large and growing

Organizations maintain dozens, often hundreds of custom web apps, developed in-house and by third-party partners.

Web applications change frequently

Over 60% update web applications weekly or more often.

Web application security incidents and breaches are common

More than one-third of respondents (35%) experience a significant security event involving a web app at least once a week, while more than one-quarter (26%) experience a major incident that often.

Web application security testing is conducted infrequently and coverage is lacking

Nearly 75% test their web applications monthly or less often, leaving more than 40% of the attack surface untested.

Large web application environment is difficult to test

70% said the number of web applications in their environment was too large for adequate testing. Other top-ranked inhibitors to adequate web application testing include the volume of APIs in production environments (cited as a large or very large blocker by 67%) and the time required to test and monitor changes (66%).

Remediation is a struggle

More than half of respondents (53%) indicated difficulties remediating vulnerabilities uncovered by web application testing.

Leaders feel urgency to improve testing

65% are planning to increase automation within their web application security testing workflows. Looking to the future, they are interested in creating efficiencies. They are also interested in building out continuous testing capabilities.

Share this

Industry News

Check Point Software Named a Leader in Enterprise Firewall Solutions Evaluation, According to Independent Research Firm
October 03, 2024

Check Point® Software Technologies Ltd. announced its position as a leader in The Forrester Wave™: Enterprise Firewalls, Q4 2024 report.

Sonar Introduces AI Code Assurance and AI CodeFix
October 03, 2024

Sonar announced two new product capabilities for today’s AI-driven software development ecosystem.

Redgate Announces Product Portfolio Updates
October 03, 2024

Redgate announced a wide range of product updates supporting multiple database management systems (DBMS) across its entire portfolio, designed to support IT professionals grappling with today’s complex database landscape.

Elasticsearch Open Inference API and Playground Support Google Cloud Vertex AI Platform
October 03, 2024

Elastic announced support for Google Cloud’s Vertex AI platform in the Elasticsearch Open Inference API and Playground.

Progress Awards 7 Scholarships for 2024 Women in STEM Scholarship Series
October 02, 2024

Progress announced the recipients of its 2024 Women in STEM Scholarship Series.

SmartBear Integrates LoadNinja with TestComplete
October 02, 2024

SmartBear has integrated the load testing engine of LoadNinja into its automated testing tool, TestComplete.

Check Point Software Completes Cyberint Acquisition
October 01, 2024

Check Point® Software Technologies Ltd. announced the completion of its acquisition of Cyberint Technologies Ltd., a highly innovative provider of external risk management solutions.

Lucid Software Expands Visual Collaboration Suite and Enhances Agile Workflows
October 01, 2024

Lucid Software announced a robust set of new capabilities aimed at elevating agile workflows for both team-level and program-level planning.

Perforce Announces Hadoop Service Bundle
October 01, 2024

Perforce Software announced the Hadoop Service Bundle, a new professional services and support offering from OpenLogic by Perforce.

CyberArk Completes Acquisition of Venafi
October 01, 2024

CyberArk announced the successful completion of its acquisition of Venafi, a provider of machine identity management, from Thoma Bravo.

Inflectra Releases AI-Powered SpiraApps
October 01, 2024

Inflectra announced the launch of its AI-powered SpiraApps.

Synopsys Software Integrity Group Rebranded as Black Duck Software
October 01, 2024

The former Synopsys Software Integrity Group has rebranded as Black Duck® Software, a newly independent application security company.

Check Point Software Recognized as a Visionary in Endpoint Security in 2024 Gartner Magic Quadrant for Endpoint Protection Platforms
September 30, 2024

Check Point® Software Technologies Ltd. announced that it has been recognized as a Visionary in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.

Harness Expands Strategic Partnership with Google Cloud
September 30, 2024

Harness expanded its strategic partnership with Google Cloud, focusing on new integrations leveraging generative AI technologies.

OKX OS Released
September 30, 2024

OKX announced the launch of OKX OS, an onchain infrastructure suite.

More Industry News