2019 Web Application Security Report

Every year, Acunetix crunches data compiled from Acunetix Online into a vulnerability testing report that portrays the state of the security of web applications and network perimeters. This year’s report contains the results and analysis of vulnerabilities detected over the previous 12 months, across 10,000 scan targets.

Cross-site Scripting (XSS) vulnerabilities, vulnerable JavaScript libraries, and WordPress related issues were found to each claim a significant 30% of the sampled targets. This result continues to reinforce the argument that web applications are both a viable attack vector for attackers and present a low barrier to entry.

In addition, it’s becoming clearer that vulnerabilities such as SQL injections – which have been wreaking havoc for years all over the internet – are finally falling in numbers. While this is positive, we also see how other serious vulnerabilities are rising in frequency. Cross-site Scripting (XSS) vulnerabilities claim a major slice of the pie. And it is worrying that a significant amount of targets also include JavaScript libraries with known vulnerabilities in them. These instances constitute a very serious concern for client-side security as a whole.