SAN FRANCISCO, July 11, 2019 /PRNewswire-PRWeb/ — Security thought leaders Caroline Wong and Joe Sechman released a new report this week, The State of Pentesting. Data for this report was gathered from over 150 survey respondents as well as 1400+ pentests performed over the past three years on Cobalt.io’s Pentest as a Service platform.
From this research, Wong and Sechman noticed two key takeaways that are illustrated in this report. First, security misconfiguration continues to be the top vulnerability category, now for the third year in a row. The report shows real-world data on the specific types of security misconfiguration mistakes organizations are making to inadvertently expose their data.
They found that 30.1% of security misconfigurations were in security headers; 28.5% in application settings; 12.7% in encryption settings; 11.5% in server configuration; 9.6% in mobile settings; 4.9% in cloud settings; and 2.9% due to an improper security control. But the highest-risk mistakes, according to this report, are server configuration and application settings.
Read more here.