Invicti Security have released the findings of its annual Spring AppSec Indicator Report. Invicti Security commissioned the report to assess the impact and prevalence of modern web vulnerabilities. 

The Spring AppSec Indicator Report examines data from over 1.7 million scans and 1,700 Invicti customers and shares insights and trends to guide best practices in vulnerability identification and remediation. Highlights include: 

• Scanning is steadily increasing, up 50% from 2019 to 2022, as customers are scanning their web applications and APIs more often.
• Percentage of scans with a severe vulnerability declined 19% year over year. After steady increases in prior years, the percentage of scans with severe vulnerabilities declined 19% from 2021 to 2022.
• Remote code execution (RCE) vulnerabilities show a significant increase, with the average percentage of apps with RCE flaws up 40% since last year.
• Percentage of scans with severe cross-site scripting (XSS) vulnerabilities continues to decline, dropping 12% from 2021 to 2022.

“This spring’s AppSec Indicator Report unveiled a key trend: Organisations are scanning a greater portion of their attack surface for vulnerabilities, and scanning them more frequently,” said Invicti’s Chief Product Officer, Sonali Shah. “By automating testing of their web applications and APIs in development and in production and quickly remediating issues found, companies are reducing the risk of a data breach. Continuous security testing is an indispensable feature of a successful AppSec program.”  

The report will be discussed in-depth at the 2023 RSA Conference. If attending, you can register now to meet the team at booth #N-6265 or attend Invicti’s session, “2023 Vulnerability trends: a Deep Dive to Improve AppSec Programs,” at the Expo Briefing Centerbooth N-6545 on April 25th at 12:20 PM PT. The company will also host a webinar about the AppSec Indicator’s findings on May 18th.