The results reveal that 94% of applications had at least one high-severity vulnerability, demonstrating that websites are a critical weakness for organizations. As expected by Positive Technologies experts, finance web applications (46% of all tested web applications) were at the greatest risk, with high-severity vulnerabilities found in 100% of tested banking and finance web applications, according the company’s official press release.

Denial of service is especially threatening for ecommerce web applications, because any downtime means missed business and lost customers. Moreover, high-profile ecommerce web applications receive large amounts of daily visits, increasing the motivation for attackers to find vulnerabilities to turn against users.

After assessing the potential impact of every detected web application vulnerability, the company compiled a list of the most common security threats. The number-one threat is attacks that target web application users. 87% of banking web applications and all government web applications tested by Positive Technologies were susceptible to attacks against users.

The Web Application Vulnerabilities in 2017 report provides statistics on vulnerabilities in 33 web applications that were analysed with PT Application Inspector (PT AI) in automated security assessments in 2017.