The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it’s more than just a perception. Research from security companies, including CA Veracode, shows that there are more attacks than ever, and organizations have not caught up with the preventive measures needed to meet the challenge.
Web application attacks are the leading cause of confirmed breaches, according to Verizon. Meanwhile, Akamai found in its research for the State of the Internet Security Report that attacks on web applications increased by 69 percent from Q3 2016 to Q3 2017. The number one web application attack vector continues to be SQL injection, and SQL injection attacks increased by 62 percent year over year, Akamai reports.
What’s even more troublesome is that SQL injection, the number one application risk in the 2017 OWASP Top 10, is stubbornly difficult to eliminate. CA Veracode’s research, for our 2017 State of Software Security (SOSS) report, found that 28 percent of applications have a SQL injection vulnerability, a figure that hasn’t changed much over the past five SOSS reports.
As these grim statistics make clear, application security is more important than ever. Fortunately, among the takeaways from our SOSS report, is the fact that application security programs make a significant difference in reducing risk. For example, the OWASP pass rate of applications improved by 13 percent after the initial scan. And that improvement accelerates over time, with the most mature application security programs seeing a 35 percent better OWASP pass rate than organizations just starting out on their application security journey.
While the stakes couldn’t be higher, there are some lessons we can draw from the big application vulnerabilities, data breaches, and cyberattacks we witnessed in 2017. The infographic below offers key takeaways from four of the biggest cybersecurity stories of the last year, including ongoing cyberattacks on elections, the WannaCry ransomware, third-party breaches and insider attacks at HBO and Netflix, and the record-breaking breach of Equifax.
Our year in review infographic also includes security tips that can help organizations prevent these kinds of attacks and breaches in the future. For more information on best practices that can prevent vulnerabilities in your software, download our State of Software Security Developer Guide.