REDWOOD CITY, Calif., April 25, 2023 /PRNewswire/ -- Synack, the premier security testing platform, today released its inaugural State of Vulnerabilities report highlighting the top three software flaws found by the company's global network of elite security researchers.

The findings are based on a record 14,800 exploitable vulnerabilities uncovered in 2022 by the Synack Red Team (SRT), a community of the world's most trusted and skilled ethical hackers.

Broken access control issues posed the most common risk to Synack customers last year, making up 39% of all vulnerabilities discovered during pentesting engagements, according to the report. Injection flaws – including cross-site scripting (XSS) and SQL vulnerabilities – came in second as researchers routinely found ways to bypass perimeter defenses. The third most common vulnerability, identification and authentication failures, accounted for 6% of all accepted SRT submissions.

"Organizations are struggling to secure their attack surfaces as adversaries find increasingly creative ways to exploit well-known vulnerabilities," said Synack CEO and co-founder Jay Kaplan. "Our first-ever State of Vulnerabilities report underscores the importance of continuous security testing to fix these gaps and address their root causes before they lead to a costly breach."

The report draws on data from security assessments carried out on Synack's global customer base and aligns with vulnerability categories in the OWASP Top 10 standard awareness document. The 1,500+ members of the SRT collectively spent 35,700 days testing Synack customer assets last year, including cloud, application programming interface, web application, host infrastructure and mobile attack surfaces.

Other takeaways from the report:

40% of vulnerabilities in 2022 were ranked "high" or "critical" in severity

XSS vulnerabilities fell by 44% from 2021 to 2022 as organizations deployed more effective defensive techniques

Exploitable API vulnerabilities have emerged as a fast-growing risk

To read the full report, please visit: https://go.synack.com/state-of-vulnerabilities-2023

