SlideShare a Scribd company logo

Web App Attacks - Stats & Remediation

Qualys, profile picture
Qualys

The document discusses the high costs associated with data breaches, emphasizing the importance of early detection and rapid patching of vulnerabilities in web applications. It highlights that errors found after product release are significantly more expensive to fix, and suggests the need for efficient scanning and patching solutions that can scale across different platforms. Statistics reveal that a majority of organizations struggle to patch vulnerabilities quickly, indicating a critical need for improvements in application security processes.

Technology
Related topics:
Data Breach Insights Web Application Security Vulnerability Management Information Security
1 of 1
Downloaded 10 times
DESIGN CHECK YOUR ABILITY TO DETECT & PATCH FASTER TRADITIONAL FIXES ARE TOO SLOW $7 MILLION Average cost of a data breach in the US 95%Percentage of web app breaches that were financially motivated 4 – 5X Cost to fix an error found after product release vs. during design 100X Cost to fix an error identified in maintenance vs. design phase <30%Percentage of organizations satisfied with the speed of repairing vulnerabilities 55 DAYSAverage time it takes organizations to patch their systems 6 DAYS LEARN MORE AT QUALYS.COM/ONECLICK INSTALL PATCH Average time for exploit code to be released to the public Can you quickly and accurately scan thousands of web applications and APIs? Do you have the capability to immediately apply virtual patches for detected vulnerabilities? Can your web app scanning solution scale across browser-based, mobile and IoT services? Can your web app patching solution simulate attacks to verify protection is in effect? Can you detect and patch vulnerabilities early on in the app development cycle? SOURCES Ponemon 2016 Cost of Data Breach Study Verizon 2016 Data Breach Investigation Report SANS 2016 State of Application Security Report OWASP Virtual Patching Best Practices IBM Systems Sciences Institute BUSINESS IMPACT $$$$$$$$ $$$$$$$$ $$$$$$$$ 1X 6.5X 15X 100X Design Phase/Stage of the S/W Development in Which the Defect is Found 0 20 40 60 80 100 120 Implementation Testing Maintenance IDENTIFY V U LNERABILITYPATCH D EVELOPMENTTESTPAT CH DEPLOYPATCH SC AN/ASSESS ACCESS DENIED!! INITIATION PLANNING TECHNICAL ANALYSIS DEVELOPMENT QA RELEASE SECURITY WEB APP ATTACKS STATS & REMEDIATION

More Related Content

PPTX
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 
PPTX
Automating Critical Security Controls for Threat Remediation and Compliance
Qualys
 
PPTX
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Qualys
 
PDF
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
PPTX
Securing Your Public Cloud Infrastructure
Qualys
 
PPTX
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 
PPTX
How Malware Works
AlienVault
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 
Automating Critical Security Controls for Threat Remediation and Compliance
Qualys
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
Qualys
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
Securing Your Public Cloud Infrastructure
Qualys
 
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
AlienVault
 
How Malware Works
AlienVault
 

What's hot (20)

PPTX
IDS for Security Analysts: How to Get Actionable Insights from your IDS
AlienVault
 
PDF
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension Inc.
 
PPTX
Incident response live demo slides final
AlienVault
 
PPTX
Creating Correlation Rules in AlienVault
AlienVault
 
PPTX
Simplify PCI DSS Compliance with AlienVault USM
AlienVault
 
PPTX
Using a Network Model to Address SANS Critical Controls 10 and 11
Skybox Security
 
PDF
Top Application Security Threats
ColumnInformationSecurity
 
PDF
Disaster recovery glossary
singlehopsn
 
PPTX
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
PPTX
Solnet dev secops meetup
pbink
 
PDF
Cloud Security Myths Vs Facts
OPAQ
 
PPTX
Equifax Breach Postmortem
Adrian Sanabria
 
PDF
Security Implications of the Cloud - CSS ATX 2017
Alert Logic
 
PPTX
Improve Threat Detection with OSSEC and AlienVault USM
AlienVault
 
PDF
Kofax Document Security
Kofax
 
PPTX
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
PDF
Open Source IDS Tools: A Beginner's Guide
AlienVault
 
PDF
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24
 
PDF
Security Starts at the Endpoint
Elasticsearch
 
PDF
The Intersection of Security & DevOps
Alert Logic
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
AlienVault
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension Inc.
 
Incident response live demo slides final
AlienVault
 
Creating Correlation Rules in AlienVault
AlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
AlienVault
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Skybox Security
 
Top Application Security Threats
ColumnInformationSecurity
 
Disaster recovery glossary
singlehopsn
 
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
Solnet dev secops meetup
pbink
 
Cloud Security Myths Vs Facts
OPAQ
 
Equifax Breach Postmortem
Adrian Sanabria
 
Security Implications of the Cloud - CSS ATX 2017
Alert Logic
 
Improve Threat Detection with OSSEC and AlienVault USM
AlienVault
 
Kofax Document Security
Kofax
 
Improve Security Visibility with AlienVault USM Correlation Directives
AlienVault
 
Open Source IDS Tools: A Beginner's Guide
AlienVault
 
Outpost24 webinar: Security Analytics: what's in a risk score
Outpost24
 
Security Starts at the Endpoint
Elasticsearch
 
The Intersection of Security & DevOps
Alert Logic
 
Ad

Similar to Web App Attacks - Stats & Remediation (20)

PPTX
Digital Product Security
SoftServe
 
PDF
Ensure a Secure Shopping Experience with Oracle Security Testing.pdf
RohitBhandari66
 
PDF
Service now vulnerability patching_move
Subrat Kumar Dash
 
PDF
Remediation Statistics: What Does Fixing Application Vulnerabilities Cost?
Denim Group
 
PPTX
Agile and Secure Development
Nazar Tymoshyk, CEH, Ph.D.
 
PDF
Web Application Security - Everything You Should Know
Narola Infotech
 
PDF
Dan Cornell - The Real Cost of Software Remediation
Source Conference
 
PDF
Real Cost of Software Remediation
Denim Group
 
PDF
Using ThreadFix to Manage Application Vulnerabilities
Denim Group
 
PPTX
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
lior mazor
 
PDF
The State of Application Security: What Hackers Break
Imperva
 
PDF
The State of Application Security: What Hackers Break
Imperva
 
PDF
Cost-effective approach to full-cycle vulnerability management
Sasha Nunke
 
PDF
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Nick Galbreath
 
PDF
Eliminate the 49% of Documents that Contain Data Breaches Webinar
Concept Searching, Inc
 
PPTX
12 software maintenance
University of Computer Science and Technology
 
PPTX
Security Services and Approach by Nazar Tymoshyk
SoftServe
 
PDF
World best web apps security and Active detection of malicious link
임채호 박사님
 
PPTX
Best Security Practices for a Web Application
TriState Technology
 
PDF
The Most Important Thing: How Mozilla Does Security and What You Can Steal
mozilla.presentations
 
Digital Product Security
SoftServe
 
Ensure a Secure Shopping Experience with Oracle Security Testing.pdf
RohitBhandari66
 
Service now vulnerability patching_move
Subrat Kumar Dash
 
Remediation Statistics: What Does Fixing Application Vulnerabilities Cost?
Denim Group
 
Agile and Secure Development
Nazar Tymoshyk, CEH, Ph.D.
 
Web Application Security - Everything You Should Know
Narola Infotech
 
Dan Cornell - The Real Cost of Software Remediation
Source Conference
 
Real Cost of Software Remediation
Denim Group
 
Using ThreadFix to Manage Application Vulnerabilities
Denim Group
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
lior mazor
 
The State of Application Security: What Hackers Break
Imperva
 
The State of Application Security: What Hackers Break
Imperva
 
Cost-effective approach to full-cycle vulnerability management
Sasha Nunke
 
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Nick Galbreath
 
Eliminate the 49% of Documents that Contain Data Breaches Webinar
Concept Searching, Inc
 
12 software maintenance
University of Computer Science and Technology
 
Security Services and Approach by Nazar Tymoshyk
SoftServe
 
World best web apps security and Active detection of malicious link
임채호 박사님
 
Best Security Practices for a Web Application
TriState Technology
 
The Most Important Thing: How Mozilla Does Security and What You Can Steal
mozilla.presentations
 
Ad

Recently uploaded (20)

PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Approach and Philosophy of On baking technology
30anthuong17
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
KodekX | Application Modernization Development
KodekX
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 

Web App Attacks - Stats & Remediation

  • 1. DESIGN CHECK YOUR ABILITY TO DETECT & PATCH FASTER TRADITIONAL FIXES ARE TOO SLOW $7 MILLION Average cost of a data breach in the US 95%Percentage of web app breaches that were financially motivated 4 – 5X Cost to fix an error found after product release vs. during design 100X Cost to fix an error identified in maintenance vs. design phase <30%Percentage of organizations satisfied with the speed of repairing vulnerabilities 55 DAYSAverage time it takes organizations to patch their systems 6 DAYS LEARN MORE AT QUALYS.COM/ONECLICK INSTALL PATCH Average time for exploit code to be released to the public Can you quickly and accurately scan thousands of web applications and APIs? Do you have the capability to immediately apply virtual patches for detected vulnerabilities? Can your web app scanning solution scale across browser-based, mobile and IoT services? Can your web app patching solution simulate attacks to verify protection is in effect? Can you detect and patch vulnerabilities early on in the app development cycle? SOURCES Ponemon 2016 Cost of Data Breach Study Verizon 2016 Data Breach Investigation Report SANS 2016 State of Application Security Report OWASP Virtual Patching Best Practices IBM Systems Sciences Institute BUSINESS IMPACT $$$$$$$$ $$$$$$$$ $$$$$$$$ 1X 6.5X 15X 100X Design Phase/Stage of the S/W Development in Which the Defect is Found 0 20 40 60 80 100 120 Implementation Testing Maintenance IDENTIFY V U LNERABILITYPATCH D EVELOPMENTTESTPAT CH DEPLOYPATCH SC AN/ASSESS ACCESS DENIED!! INITIATION PLANNING TECHNICAL ANALYSIS DEVELOPMENT QA RELEASE SECURITY WEB APP ATTACKS STATS & REMEDIATION