SQL injection has surfaced as the no. 1 attack in 2015

A new survey from Ponemon Institute finds that nearly 80 percent of enterprises say that their organization’s portfolio of applications has become more vulnerable to attacks.


This vulnerability comes as more enterprises are relying on increasing numbers of applications to conduct their business. The survey found that 57 percent of enterprises have between 1000 and 5000 business applications in use throughout their organizations.

84 percent of respondents say the most common gateway attack experienced by their organization over the past 12 months is SQL injection, followed by cross-site scripting (23 percent of respondents) and cross-site request forgery (18 percent).

Only 45 percent of respondents say they take appropriate steps to ensure compliance with leading standards and guidelines for application security such as OWASP.


Other key findings from the survey include:

  • 81 percent of respondents believe that moving application delivery platforms to the cloud has resulted in the loss of control and visibility.
  • 84 percent agree that it’s difficult to reduce the risk to applications because they’re not able to monitor, detect and prevent attacks at the application level.
  • 88 percent say that it’s difficult to remediate vulnerabilities.

“Security isn’t a dress rehearsal – enterprises’ biggest worry are hacks to insecure applications,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.

The advent of internal and customer-facing applications in business-to-business environments has changed how institutions like banks, retailers or healthcare providers interact with external and internal constituencies. But the pace of development and deployment of those applications – and how critical that development and deployment is to the business – runs counter to the pace of security review and remediation.

The result is an ever-increasing number of applications that are vulnerable to security risks, and that risk potentially imperils the business itself.