Quote:Web-facing applications continue to be one of the highest security risks present for organizations, with more than 40 percent of them actively leaking data in a way that can have a ripple affect across businesses and their partners, research has found.
Moreover, manufacturing is particularly vulnerable to attacks through these apps, with 70 percent of applications having at least one serious vulnerability open over the previous 12 months, researchers found.
That’s according to a report from app-security firm WhiteHat Security, “AppSec Stats Flash Volume 3,” which outlines how the increased prevalence of applications that are exposed to the internet through web, mobile and API-based interfaces has increased the attack surface and thus the security risk for organizations and their supply chains across the board.
Among the findings of the report include a consistent characterization of the top five vulnerabilities found in internet-facing apps in the last three months, researchers found. Those flaws are: Information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection and content spoofing.
Cloud applications are currently driving the global economy, especially in a post-pandemic world in which business is increasingly done over the internet. However, more web-based applications and data in the cloud also means a higher risk of data breaches: Applications are increasingly polymorphic, with access through web, mobile and API-based interfaces. That makes application security a multi-dimensional challenge, researchers said.
“We continue to find that window of exposure, a key measure of exploitability remains very high,” Setu Kulkarni, vice president of strategy at WhiteHat, told Threatpost in an email. “What that means is that web-facing applications and APIs continue to have serious exploitable vulnerabilities throughout the year.”
Read more: Manufacturing's Cloud Migration Opens Door to Major Cyber-Risk | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
