San Francisco, June 09, 2020 (GLOBE NEWSWIRE) -- Cobalt.io, the first Pentest as a Service (PtaaS) platform, today released findings from “The State of Pentesting: 2020,” which explores the state of application security. The fourth annual report, which includes insights from a survey of more than 100 practitioners in security, development, operations, and product roles, found that more than three-quarters of respondents (78%) reported a strong relationship between security and engineering, highlighting the transition organizations are making from DevOps to DevSecOps. This year’s report also looks at which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify, as well as the most common types of vulnerabilities based on data from more than 1,200 pentests conducted through Cobalt.io’s PtaaS platform. For the fourth consecutive year, the most common type of vulnerability is misconfiguration.
“As DevOps hastens the pace of software release, data and automation are essential to scaling security,” said Caroline Wong, Chief Strategy Officer at Cobalt.io. “With increased demand for pentesting and higher expectations for application security, the relationship between security and engineering hinges on operational efficiency through automation.”
Key findings from the report include:
Application Security Methodologies are Evolving as Software Development Hastens
Humans and Machines Both Bring Unique Value to the Table Regarding Finding Specific Classes of Vulnerabilities
Misconfiguration Is the Most Common Type of Vulnerability* for the Fourth Year in a Row
The top 5 types of vulnerabilities include:
*Based on more than 1,200 pentests conducted through Cobalt.io’s PtaaS platform.
“As web applications become more complicated and scanners improve efficiency, this report reveals a widespread need for applying security fundamentals to complex problems,” said Vanessa Sauter, Security Strategy Analyst at Cobalt.io. “Whether mitigating security misconfigurations or identifying business logic bypasses, a thorough understanding of system architecture and an ability to think both methodically and creatively proves essential to mitigating the most serious threats to application security. Crafting unique payloads is less important than holistically evaluating the issues that are being propagated in your applications.”
About The State of Pentesting: 2020
The report is written by Caroline Wong, Chief Strategy Officer at Cobalt.io, and Vanessa Sauter, Security Strategy Analyst at Cobalt.io. Findings are based on more than 1,200 pentests conducted through the Cobalt.io platform between January 1, 2019 and December 31, 2019, as well as survey responses from more than 100 practitioners in security, development, operations, and product roles regarding application security, surveyed online between March 17, 2020 and April 14, 2020. To see full findings, view the report here.
About Cobalt.io
Cobalt.io’s Pentest as a Service (PtaaS) platform transforms yesterday’s broken pentest model into a data-driven application security engine. Fueled by a global talent pool of certified pentesters, Cobalt.io’s platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Hundreds of organizations, including the new generation of software companies, now benefit from high-quality pentest findings, faster remediation times, and higher ROI for their pentest budget.
Visit cobalt.io to learn how Cobalt.io is securing apps for companies such as HubSpot, Palo Alto Networks, GoDaddy, Vonage, and Axel Springer, and join us on Twitter and LinkedIn.