25 Apr 2023

Invicti Security™, known for acquiring and combining AppSec pioneers Netsparker and Acunetix released the findings of its annual Spring AppSec Indicator Report.

As a pioneer in dynamic application security testing (DAST), interactive application security testing (IAST), and software composition analysis (SCA), Invicti Security commissioned the report to assess the impact and prevalence of modern web vulnerabilities. 

Report findings

The Spring AppSec Indicator Report examines data from over 1.7 million scans and 1,700 Invicti customers and shares insights and trends to guide best practices in vulnerability identification and remediation.

Highlights include:

  • Scanning is steadily increasing, up 50% from 2019 to 2022, as customers are scanning their web applications and APIs more often.
  • The percentage of scans with a severe vulnerability declined 19% year over year. After steady increases in prior years, the percentage of scans with severe vulnerabilities declined by 19% from 2021 to 2022.
  • Remote code execution (RCE) vulnerabilities show a significant increase, with the average percentage of apps with RCE flaws up 40% since 2022.
  • The percentage of scans with severe cross-site scripting (XSS) vulnerabilities continues to decline, dropping 12% from 2021 to 2022.

Continuous security testing

Organisations are scanning a greater portion of their attack surface for vulnerabilities more frequently"

This spring’s AppSec Indicator Report unveiled a key trend: Organisations are scanning a greater portion of their attack surface for vulnerabilities, and scanning them more frequently,” said Invicti’s Chief Product Officer, Sonali Shah.

By automating testing of their web applications and APIs in development and production and quickly remediating issues found, companies are reducing the risk of a data breach. Continuous security testing is an indispensable feature of a successful AppSec programme.”  

Report discussion

The report will be discussed in-depth at the 2023 RSA Conference. If attending, visitors can register to meet the team at booth #N-6265 or attend Invicti’s session, “2023 Vulnerability trends: a Deep Dive to Improve AppSec Programs,” at the Expo Briefing Center booth N-6545 on April 25th at 12:20 PM PT.

The company will also host a webinar about the AppSec Indicator’s findings on May 18th. 

Related Links

Invicti Security gains momentum, delivers zero noise approach to AppSec
Invicti Security announces Matthew Sciberras as VP of Information Security and CISO; promotes Mike Mattos to Chief Customer Officer
Invicti Security reports momentum-building success in 2023 by delivering world-class customer experiences and products
Invicti announces Climb Channel Solutions as first UK distribution partner