According to a study conducted by the Kaspersky Security Assessment team between 2021 and 2023, 70% of corporate web applications were found to have vulnerabilities related to access control and data protection. It is important to note that this finding is objective and based on expert analysis. The study examined a number of internally developed corporate web applications in various industries, including information technology, insurance, telecommunications, cryptocurrencies, e-commerce, healthcare and government.
The most prominent vulnerabilities include:
- SQL injections: These accounted for the largest number of high-risk vulnerabilities. SQL injections can allow attackers to access sensitive data or execute malicious code on the server.
- Exposure of confidential information: This involves the leakage of sensitive data, such as passwords, credit card details, medical records and other confidential personal or business information.
When a vulnerability affects access control, attackers attempt to circumvent website policies that limit authorised user permissions. This can result in unauthorised access and alteration or deletion of data.
When a vulnerability affects access control, attackers try to bypass website policies that restrict authorised user permissions. This can lead to unauthorised access and modification or deletion of data.
The importance of robust security measures is clear, particularly in corporate web applications. Such vulnerabilities can have severe implications for business continuity and resilience.