Acunetix Web Application Vulnerability Report 2020

The 2020 edition of the Acunetix Web Application Vulnerability Report contains a statistical data analysis for web vulnerabilities and network perimeter vulnerabilities.

Some interesting insights from this years’ study include:

• The total number of web and network perimeter vulnerabilities decreased from 2019, but the state of web security is still far from perfect.
• Relatively new scan targets had more vulnerabilities than others.
• More than 25% of web applications have at least one high-severity vulnerability.

Some selected vulnerabilities this year (and the change percentage comparing to 2019):

• Remote code execution (RCE): 3% (↑ from 2% in 2019)
• SQL Injection (SQLi): 8% (↓ from 14% in 2019)
• Directory traversal: 4% (↑ from 2% in 2019)
• Cross-site Scripting (XSS): 25% (↓ from 33% in 2019)
• Vulnerable JavaScript libraries: 33% (↓ from 36% in 2019)
• Server-side Request Forgery (SSRF): 1% (1% in 2019)
• Cross-site Request Forgery (CSRF): 36% (↓ from 51% in 2019)
• Host header injection: 2.5% (↓ from 4% in 2019)
• WordPress vulnerabilities: 24% (↓ from 30% in 2019)

You can find the full Acunetix Web Application Vulnerability Report 2020 here.

Our engineers are ready to help you secure your systems. Please contact us now.