The hottest Radware annual web application securit

2022-10-03
Radware annual web application security report

The pandemic has brought more security threats. API abuse, bot traffic, and mobile application security are a headache for enterprises.

14:10:36 Source: CTI forum

After the acceleration of cloud migration in 2020, applications will face more network attack risks.

Recently, Radware, the world's leading provider of network security and application delivery solutions, released the web application security status report in

The report shows that global enterprises find it difficult to maintain consistent application security across multiple platforms, and that they have lost visibility with the emergence of new architectures and the adoption of application programming interfaces (APIs). A major factor behind these challenges is that the pandemic brought a shift to telecommuting and remote customer engagement. Enterprises had to adapt quickly, which left decision makers little time for adequate security planning.

Michael Osterman of Osterman Research said: "With the rapid migration to the cloud in 2020, we are surprised to find that unsafe mobile applications, cloud applications and APIs are widespread in enterprises."

Gabi Malka, chief operating officer of Radware, said: "More than 70% of the respondents said that their production applications have been far away from the data center, and ensuring the security and integrity of these data and applications has become more challenging, especially in a cloudy environment. The migration to the cloud, coupled with the increasing reliance on APIs and unsafe mobile applications, has become a blessing for criminals, allowing them to take a lead in network security. Respondents who have migrated to the public cloud and exposed several applications to APIs seem to understand the risks, while respondents who have not migrated to the cloud and have not adopted APIs are still complacent and do not seem to be aware of the crisis."

The following are the main findings of the report:

APIs will be the next major threat. Enterprises will increasingly rely on web applications delivered in the form of APIs. APIs can handle various sensitive data types, such as user credentials, payment information and social security numbers. API abuse is expected to become the most common attack vector. API security will therefore be the most important weakness that needs to be addressed in 2021.

Nearly 40% of the surveyed enterprises said that more than half of their applications would be exposed to the Internet or third-party services through APIs. About 55% of the surveyed enterprises suffer DoS attacks against their APIs at least once a month, 49% suffer injection attacks of some form at least once a month, and 42% suffer component/attribute tampering at least once a month.

Enterprises are unprepared for bot traffic. Because many enterprises are not ready to manage bot traffic accurately, bot management is also an important issue. A web application firewall provides important defenses for detecting and preventing attacks against APIs, while bot management tools provide strong defenses against sophisticated bot attacks. These tools enable the security team to deal better with various threats and attacks.

The report shows that only 24% of enterprises have deployed dedicated solutions to distinguish between real users and bots. In addition, only 39% of the surveyed enterprises are very confident that they can deal with sophisticated malicious bots.

Mobile applications are even more unsafe. In 2020, most information workers turned to working from home, and most people also used mobile applications for entertainment, social networking, education and shopping. Mobile applications therefore played an important role. However, mobile application development is extremely unsafe, because mobile applications are usually developed by third parties.

The study found that only 36% of mobile applications are fully integrated with security, and most mobile applications have a low or no security factor (22%). Therefore, until the security of mobile applications receives enough attention, we will see more and more serious attacks launched through mobile channels. This in turn may put greater pressure on enterprises, which must ensure the security of mobile applications and ensure that consumer data does not fall into the hands of hackers.

Security personnel are not the main decision makers. Although the report lists various threats, security is not the first consideration in application development practice. In about 90% of the surveyed enterprises, security personnel are not the main influence on application development architecture or budget. About 43% of the enterprises surveyed said that security should not interrupt the automation of the end-to-end release cycle. As a result, the person in charge of security has little control over how applications are developed.

DDoS attacks will not die out. The most common bot attacks are different forms of denial-of-service attacks. About 86% of enterprises said they had suffered such attacks, one third of enterprises said they would be attacked every week, and 5% of enterprises would be attacked every day. A common form of denial-of-service attack against the application layer is HTTP/S flooding. About 60% will suffer HTTP flooding at least once a month.

Radware commissioned Osterman Research to survey 205 decision makers and influencers in enterprises with more than 1000 employees. The average number of employees of the surveyed enterprises is 2200. The main job responsibilities of the interviewees include network security, DevOps/DevSecOps, network operation and maintenance and related positions, application development, application security and other IT and related positions. Most of the respondents are senior managers or managers, including administrative positions.

To view the full text of the report, please visit:

About Radware

Radware is a global leader in providing network security and application delivery solutions for traditional data centers, cloud data centers and virtual data centers. Radware's award-winning solution portfolio provides global enterprises with infrastructure, application and enterprise IT protection services to ensure the digital experience of enterprises. Radware solutions have successfully helped more than 12500 enterprise and operator customers worldwide respond quickly to market challenges, maintain business continuity, and effectively reduce costs while achieving maximum productivity. For details, please visit:
