Application Security Intelligence Report for September 2019

In the month of September, there was a 40-percent increase in total cyberattacks compared to August, according to a Contrast Labs September 2019 AppSec Intelligence Report.

The three most common attack types in September:

SQL Injection

Carefully crafted inputs that alter the SQL queries an application uses in order to steal data or execute code.

Cross-site Scripting(XSS)

XSS attacks inject malicious scripts into benign and trusted websites.

Path Traversal

Attacks fool a web application into reading and consequently exposing the contents of files outside of the document root directory of the application or the web server.

Key findings include:

Custom Code Vulnerabilities: Applications had an average of six open, serious vulnerabilities in September.
Top Vulnerabilities by Code Language: Injection vulnerabilities dominated in September. Cross-Site Scripting was the most prevalent serious vulnerability for Java applications and in the top three for .NET and Node applications. SQL Injection and Command Injection vulnerabilities are the most common for .NET and Node applications, respectively.
Custom Code Attacks: The continued dominance of attacks on custom code, making up 99 percent of attacks. The top attacks on CVEs were CVE-2017-5638, CVE-2010-4467, and CVE-2017-9791. SQL Injection, Cross-Site Scripting, and Path Traversal attacks, the top attacks on custom code, each targeted 55 percent of applications.
Top Attack Vectors by Language: Injection attacks continued to dominate, with Java applications targeted the highest number of Command Injection attacks and .NET applications targeted by the highest number of SQL injection attacks.

Attacks By Geolocation

September saw attacks from 119 countries. The greatest number of attacks originated from the United States, India, the Netherlands, Canada, and the UK.

This report was summarised by data from attacks that Contrast Security observed over the previous months and highlights the key trends found.
www.contrastsecurity.com

Leave a comment

Contact Us
close slider

Are you looking for a quote or general enquiry? Please fill in the details below, we will get back to you in 24 hours.

error: Content is protected !!
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.