Synopsys finds vulnerabilities in 97% of applications

Share
Synopsys has released The 2021 Software Vulnerability Snapshot report, which uncovers the issues impacting web and mobile apps

Most applications have some form of software vulnerability, according to a new report published by software security company Synopsys. 

Synopsys, the silicon to Software partner for companies that develop electronic products and software applications, has published "2021 Software Vulnerability Snapshot: An Analysis by Synopsys Application Security Testing Services," a report examining data from 3,900 tests conducted on 2,600 targets (i.e., software or systems) during 2020. 

 

What did the report find? 

The data, compiled by tests performed by Synopsys security consultants in our assessment centers for our customers, included penetration testing, dynamic application security testing, and mobile application security analyses, designed to probe running applications as a real-world attacker would.

83% of the tested targets were web applications or systems, 12% were mobile applications, and the remainder were either source code or network systems/applications. Industries represented in the tests included software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.

"Cloud-based deployments, modern technology frameworks, and the rapid pace of delivery is forcing security groups to react more quickly as software is released," said Girish Janardhanudu, vice president, security consulting at Synopsys Software Integrity Group. "With insufficient AppSec resources in the market, organizations are leveraging application testing services such as those Synopsys provides in order to flexibly scale their security testing. We've seen a heavy increase in assessment demand throughout the pandemic."

 

Checking vulnerabilities

Out of the 3,900 tests conducted, 97% of the targets were found to have some form of vulnerability. 30% of the targets had high-risk vulnerabilities, and 6% had critical-risk vulnerabilities. 

80% of the discovered vulnerabilities in the mobile tests were related to insecure data storage. These vulnerabilities could allow an attacker to gain access to a mobile device either physically (i.e., accessing a stolen device) or through malware. 53% of the mobile tests uncovered vulnerabilities associated with insecure communications. 

64% of the vulnerabilities discovered in the tests are considered minimal-, low-, or medium-risk. That is, the issues found are not directly exploitable by attackers to gain access to systems or sensitive data. Nonetheless, surfacing these vulnerabilities is not an empty exercise, as even lower-risk vulnerabilities can be exploited to facilitate attacks. For example, verbose server banners—found in 49% of the tests—provide information such as server name, type, and version number, which could allow attackers to perform targeted attacks on specific technology stacks.

 

Share

Featured Articles

PwC and AWS Forge Path for Regulated AI Adoption

Professional services firm PwC and AWS collaborate on automated reasoning tools to reduce AI hallucination risk in regulated sectors

PwC and AWS Forge Path for Regulated AI Adoption

Professional services firm PwC and AWS collaborate on automated reasoning tools to reduce AI hallucination risk in regulated sectors

Nvidia Predictions: AI Infrastructure Set to Shift in 2025

Nvidia executives predict quantum computing breakthroughs, liquid-cooled data centres and autonomous agents will reshape enterprise computing landscape

Nvidia & AWS’s AI Breakthroughs at Re:Invent 2024

AI & Machine Learning

SAP and AWS Partner on AI-Powered Cloud ERP Platform GROW

Cloud Computing

SAVE THE DATE – Cyber LIVE London 2025

Cloud & Cybersecurity