The growing tsunami of application-specific and web-application threats continues to be a challenge for global enterprises. According to a new analysis from NTT Application Security, 50% of all websites were exposed to at least one severe exploitable vulnerability in 2021.

The report is the result of an in-depth examination of data from more than 15 million application security scans conducted by organizations in 2021 — a year that will undoubtedly go down in history as one of the most significant in terms of the broader cybersecurity landscape.

A struggle to respond

The insights provide tangible takeaways for security teams to secure web applications that power their businesses.

The Colonial Pipeline hack, President Biden’s Executive Order on “enhancing the nation’s cybersecurity,” and the ongoing Log4j repercussions have all thrust application security to the forefront of everyone’s awareness this year.

Despite the increased push to rectify security flaws in public and private sector applications, evidence suggests an unintended negative outcome: “fire-drill” remediation initiatives appear to come at the expense of existing remediation efforts rather than in addition to them.

Changing times

The accelerated adoption of innovative solutions that enable developers to build and deploy essential features rapidly has pushed the industry to a turning point in how it handles application vulnerability scans.

Different types of vulnerabilities and their percentages across various online apps are depicted in a bar graph. The most common problem is information leakage, accounting for 43.4% of all cases, followed by inadequate session closure (32.5%) and poor transport layer security (24.2%).

Throughout 2021, the financial and insurance business had the lowest percentage of sites constantly exposed (43%), while the professional, academic, and technical services sector had the highest rate of sites perennially exposed (65%).