Synopsys finds vulnerabilities in 97% of applications

Synopsys has released The 2021 Software Vulnerability Snapshot report, which uncovers the issues impacting web and mobile apps

Most applications have some form of software vulnerability, according to a new report published by software security company Synopsys. 

Synopsys, the silicon to Software partner for companies that develop electronic products and software applications, has published "2021 Software Vulnerability Snapshot: An Analysis by Synopsys Application Security Testing Services," a report examining data from 3,900 tests conducted on 2,600 targets (i.e., software or systems) during 2020. 

 

What did the report find? 

The data, compiled by tests performed by Synopsys security consultants in our assessment centers for our customers, included penetration testing, dynamic application security testing, and mobile application security analyses, designed to probe running applications as a real-world attacker would.

83% of the tested targets were web applications or systems, 12% were mobile applications, and the remainder were either source code or network systems/applications. Industries represented in the tests included software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.

"Cloud-based deployments, modern technology frameworks, and the rapid pace of delivery is forcing security groups to react more quickly as software is released," said Girish Janardhanudu, vice president, security consulting at Synopsys Software Integrity Group. "With insufficient AppSec resources in the market, organizations are leveraging application testing services such as those Synopsys provides in order to flexibly scale their security testing. We've seen a heavy increase in assessment demand throughout the pandemic."

 

Checking vulnerabilities

Out of the 3,900 tests conducted, 97% of the targets were found to have some form of vulnerability. 30% of the targets had high-risk vulnerabilities, and 6% had critical-risk vulnerabilities. 

80% of the discovered vulnerabilities in the mobile tests were related to insecure data storage. These vulnerabilities could allow an attacker to gain access to a mobile device either physically (i.e., accessing a stolen device) or through malware. 53% of the mobile tests uncovered vulnerabilities associated with insecure communications. 

64% of the vulnerabilities discovered in the tests are considered minimal-, low-, or medium-risk. That is, the issues found are not directly exploitable by attackers to gain access to systems or sensitive data. Nonetheless, surfacing these vulnerabilities is not an empty exercise, as even lower-risk vulnerabilities can be exploited to facilitate attacks. For example, verbose server banners—found in 49% of the tests—provide information such as server name, type, and version number, which could allow attackers to perform targeted attacks on specific technology stacks.

 

Share

Featured Articles

Accelerate outcomes and cut waste with IT Asset Management

Having a comprehensive IT Asset Management strategy is essential for organisations to keep track of their IT assets and CIOs have a key part to play

Tech leaders already looking to build back from recession

A new survey shows tech leaders are optimistic despite a looming recession, with some stakeholders expecting economic pressures to be a business benefit

Robot dining staff on call to help care in the community

Robots are ready to serve seniors as retirement communities struggle with staff shortages, and a new report says pensioners appreciate a metal maître d

BlackBerry drives its QNX technology to the cloud with AWS

Cloud & Cybersecurity

6G: Predictions for the network of the future

Cloud & Cybersecurity

Blockchain in space could take tokens and NFTs into orbit

Digital Transformation