A recent study conducted by Kaspersky Security Assessment experts between 2021 and 2023 highlighted vulnerabilities in corporate web applications developed in-house.

Description

The study revealed that the vulnerabilities were related to access control flaws, data protection failures [1] [2] [3], and SQL injections [1] [2] [3]. These issues could result in unauthorized access, data manipulation, or deletion [1], posing significant risks to sensitive information such as passwords, credit card details [1], and personal data [1]. Access control flaws and data protection failures were found in 70% of the examined applications [2], with weak user passwords accounting for 78% of high-risk vulnerabilities. The study’s findings align with the OWASP Top Ten rating categories [2] [3], underscoring the importance of addressing these vulnerabilities to protect confidential data and prevent security breaches. To mitigate risks [2] [3], the Kaspersky team recommended implementing secure software development practices [2] [3], conducting regular security assessments [1] [2] [3], and deploying monitoring mechanisms [1] [2] [3].

Conclusion

Addressing vulnerabilities in corporate web applications is crucial to safeguard sensitive data and prevent security breaches. By implementing secure software development practices [2] [3], conducting regular security assessments [1] [2] [3], and deploying monitoring mechanisms [1] [2] [3], organizations can mitigate risks and enhance their cybersecurity posture for the future.

References

[1] https://vmblog.com/archive/2024/03/12/access-control-and-data-exposure-flaws-prevalent-in-corporate-web-applications-kaspersky-study-finds.aspx
[2] https://ciso2ciso.com/study-reveals-top-vulnerabilities-in-corporate-web-applications-source-www-infosecurity-magazine-com/
[3] https://www.infosecurity-magazine.com/news/top-vulnerabilities-corporate-web/