Mais conteúdo relacionado

Apresentações para você(20)

Similar a Edgescan 2021 Vulnerability Stats Report(20)


Mais de Eoin Keary(20)


Edgescan 2021 Vulnerability Stats Report

  1. Risk Density
  2. Risk Density External Applications 32% High or Critical Risk External Infrastructure 22% High or Critical Risk Internal Applications 50% High or Critical Risk Internal Infrastructure 18% High or Critical Risk
  3. Risk Density – Organization Size 11-100 staff 0.5% Critical Risk 101 -1000 staff 1% Critical Risk 1001-10,000 staff 3% Critical Risk 10,000+ staff 2.5% Critical Risk 11-100 staff 3% High Risk 101 -1000 staff 13% High Risk 1001-10,000 staff 11% High Risk 10,000+ staff 10% High Risk
  4. AppSec Critical Risk Top 10 SQL Injection was first discussed in 1998 by Jeff Forristal, also known by the alias Rain Forrest Puppy
  5. AppSec High Risk Top 10 Cross-Site Scripting was first discussed in 1999 by Microsoft.
  6. Full stack Critical Risk Top 10 PHP is used by 78.9% of all websites with a known server-side programming language…
  7. Most common Risk-Accepted Vulnerability
  8. Mean Time to Remediate – MTTR Critical risk’s IT and Information Security generally does not grow linearly with the size of a business. Larger organizations have more to secure, more data and systems, but generally not relatively more security staff! We believe the size of an organization does not impact speed of security. We believe the size of an organization does not impact speed of security.
  9. Ages of discovered CVE’s 88% of CVE’s are between 0-5 years old. CVE’s from 2015 are the most common.
  10. Malware, Ransomware & CVE’s CVE Relative Occurrence Malware Name/variant CVE-2019-0708 28.90% Bluekeep CVE-2017-0143 26.50% EternalSynergy and EternalBlue Exploit Kit CVE-2017-5638 13.20% JexBoss CVE-2017-5715 9.10% Meltdown / Spectre CVE-2017-10271 6.30% Cryptominer CVE-2018-0802 4.20% EXPLOIT.MSOFFICE.CVE-2018-0802 CVE-2019-2725 3.50% Monero CVE-2017-11882 3.10% Loki Infostealer CVE-2018-12130 1.40% Metldown2 CVE-2018-7600 1.00% #drupalgeddon2 CVE-2018-4878 0.70% SWF_EXPLOYT.BL CVE-2017-0199 0.70% FINSPY CVE-2018-8174 0.70% Monero Miner CVE-2012-0158 0.70% Safe The Most common CVE’s related to Malware and Ransomware were between 1 and 3 years old
  11. Thanks. 2021 Vulnerability Stats Report: @edgescan