
Lack of Improvement in Web Application Security During COVID


April 29, 2021 Timothy Chiu, VP of Marketing
General Lack of Improvement in Web Application Security During COVID

A report from Acunetix, The Invicti AppSec Indicator, Spring 2021 Edition: Acunetix Web Vulnerability Report, concluded that web application security was a victim of the ongoing COVID-19 pandemic. The report found that:

  • Due to the pandemic, organizations had to redirect their IT resources. With work from home forced on many companies, along with other pandemic-driven changes, businesses delayed web application projects. Fewer web applications were updated or created, and as a result fewer vulnerabilities were introduced.
  • On the other hand, many companies shifted security efforts towards endpoint security for work-from-home systems. This in turn meant that security teams had no resources to address many web application security issues, including those that had been discovered in 2019 or earlier.

Based on these two trends, the report concluded that there was a general lack of improvement in the level of web application security. From other reports we know that cyber attacks have increased during the pandemic. Combined with the lack of improvement in web application security in organizations, this made 2020 a pretty bad year for web application security overall.

Take a Page from NIST to Improve Application Security

There are a number of simple measures an organization can take to improve its web application security stance. The first starts at the very beginning of application development: making sure developers take security into consideration when developing and coding applications. The second is making sure that software and operating systems are kept up to date with the latest updates and patches, so that known vulnerabilities that have patches are not exploited.

In addition to these two fundamentals of application security, there is still a need to secure web applications running in production, especially against threats that are either missed or not typically covered by network or system level security. The OWASP Top 10 Web Application Security Risks are a great example of risks that aren't typically protected against by network or system level security.

It is important to have a security framework that offers a defense-in-depth architecture. Maybe it's time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)'s SP800-53, released on September 23, 2020. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) and Interactive Application Security Testing (IAST) as added layers of security in the framework.

Change how you protect your applications: check out K2's web application and application workload security solutions, and evaluate K2's effectiveness at detecting vulnerabilities and protecting your organization from attacks.

Find out more about K2 today by requesting a demo, or get your free trial.
