Security News > 2020 > May > Web and network perimeter vulnerabilities slightly lower than 2019
Even with a 30% decline, web applications are still at risk and new scan targets have more vulnerabilities than others, according to a new Acunetix report.
While applications protected by web vulnerability scanning are becoming more secure, "relatively new targets have more vulnerabilities," according to the 2020 Acunetix Web Vulnerability Report.
Acunetix cited the 2019 Capital One breach, which was caused by a web vulnerability called server-side request forgery (SSRF). The report concludes that "We are very slowly going in the right direction. The number of vulnerabilities is decreasing, but only gradually. We are still far from being secure on the web - more than 25% of web applications have at least one high-severity vulnerability."
"Keeping a web application safe is much more difficult. Most vulnerabilities are not about which systems you use but how you use them. Web application vulnerabilities such as SQL Injection and remote code execution appear because of poor design and programming, even if you choose best-of-class software and components."
The Acunetix analysis mainly covers high- and medium-severity vulnerabilities found in web applications, as well as perimeter network vulnerability data from 5,000 randomly selected scan targets, the company said.