The State of Application Security Q1 2024 annual report is based on a sample size of 1400+ websites and applications that were analysed between January 1, 2024, and March 31, 2024.
During this period, various enterprise, government, and SME websites were analysed. The figure below illustrates the diversity of industries represented in this report.
Apart from the above-mentioned analysis of the sites, Indusface also surveyed 300+ CISOs, CTOs, and other security leaders to understand their pain points related to application security and the challenges they face due to DDoS, bot, and API attacks.
Here are some of the key findings from the report:
- Over 1.89 billion attacks were blocked from 1st Jan 2024 to 31st March 2024
- On average, 800K attacks were blocked per website
- Cyberattacks grew by 76% in Q1 2024 compared to Q1 2023
- Bot attacks rose by 147%, and DDoS attacks rose by 76%, compared to Q1 2023
- 6 out of 10 sites witnessed a DDoS attack, whereas 9 out of 10 sites witnessed a bot attack
- 17K critical and high vulnerabilities were found; 32% of these vulnerabilities were open for 180+ days
- Cyberattacks in India grew by 261% in Q1 2024 compared to Q1 2023
- Customers are increasingly benefiting from autonomous patching at WAAP. In the last two quarters:
  - 41% of the attacks were blocked using AppTrana’s core rule set
  - 59% of the attacks were blocked using custom rules. This signifies the importance of managed services and custom rules for security teams across the world
- Power and energy companies faced up to 500x more attacks than the industry average. This is because hackers are now finding options for ransom and targeting less regulated industries
- Banking and finance sectors face 4x more encoding attacks, where hackers use evasion techniques to bypass security measures and probe into sensitive data
- A higher number of LFI attacks is seen in the manufacturing industry, where hackers try to exploit vulnerabilities that lack input validation and sanitization