Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today published its State of Application Security 2024 Report. Findings from this year’s report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams.

Today’s digital world runs on web applications and APIs. They allow ecommerce sites to accept payments, healthcare systems to securely share patient data, and power activities we do on our phones. However, the more we rely on these applications, the more the attack surface expands. This is further magnified by the demand for developers to quickly deliver new features—e.g., capabilities driven by generative AI. But if unprotected, exploited applications can lead to the disruption of businesses, financial losses, and the collapse of critical infrastructure.

“Web Applications are rarely built with security in mind. Yet, we use them daily for all sorts of critical functions, making them a rich target for hackers,” said Matthew Prince, co-founder and CEO at Cloudflare. “Cloudflare’s network blocks an average of 209 billion cyber threats for our customers every single day. The layer of security around today’s applications has become one of the most essential pieces to making sure the Internet stays secure.”

Key findings from Cloudflare’s State of Application Security 2024 Report include:

• DDoS attacks continue to increase in number and volume: DDoS remains the most leveraged threat vector to target web applications and APIs, comprising 37.1% of all application traffic mitigated by Cloudflare. Top targeted industries were Gaming and Gambling, IT and Internet, Cryptocurrency, Computer Software and Marketing and Advertising.
• First to patch vs. first to exploit—the race between defenders and attackers accelerates: Cloudflare observed faster exploitations than ever of new zero-day vulnerabilities, with one occurring just 22 minutes after its proof-of-concept (PoC) was published.
• Bad bots—if left unchecked—can cause massive disruption: One-third (31.2%) of all traffic stems from bots, the majority (93%) of which are unverified and potentially malicious. Top targeted industries were Manufacturing and Consumer Goods, Cryptocurrency, Security and Investigations, and US Federal Government.
• Organizations are using outdated approaches to secure APIs: Traditional web application firewall (WAF) rules that use a negative security model—the assumption that most web traffic is benign—are most commonly leveraged to protect against API traffic. Far fewer organizations use the more widely accepted API security best practice of a positive security model—strict definitions on traffic that is allowed, rejecting the rest.
• Third-party software dependencies pose growing risk: Organizations use an average of 47.1 pieces of code from third-party providers and make an average of 49.6 outbound connections to third-party resources to help enhance website efficiency and performance—e.g., leveraging Google Analytics or Ads. But as web development has largely shifted to allow these types of third-party code and activity to load in a user’s browser, organizations are increasingly exposed to supply chain risk and liability and compliance concerns.

Report Methodology: This report is based on aggregated traffic patterns (observed from April 1, 2023 – March 31, 2024) across the Cloudflare global network. This data and threat intelligence from Cloudflare’s network has been complemented by third-party sources, as cited throughout the report. Cloudflare mitigated 6.8% of all web application and API traffic during the data collection period. Mitigated traffic is defined as any traffic that is blocked or is served a challenge by Cloudflare. The specific threat type and relevant mitigation technique depend on many factors, such as the application’s potential security gaps, the nature of the victim’s business and the attacker’s goals.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Organizations Struggle with Outdated Security as Online Threats Increase first appeared on AI-Tech Park.

Verimatrix, (Euronext Paris: VMX), the leader in powering the modern connected world with people-centered security, today announced major enhancements to its XTD dashboard, providing customers with greater visibility into application security risks and more actionable insights to better protect mobile apps and users.

First launched in early 2022, the updated XTD dashboard introduces an all new risk classification model that replaces numerical scores with four clear implication classifications — Informational, Low, Suspicious and High. This allows security teams to quickly understand the severity and context around detected threats. Detailed explanations accompany each risk level, ensuring transparency.

In addition to the new risk scoring model, the XTD dashboard provides specific remediation guidance mapped to each risk level. Teams can immediately see recommended steps for investigating, applying protections or addressing vulnerabilities based on the evaluated threats.

The redesigned dashboard UI streamlines information delivery with optimized layouts and intuitive navigation:

• Main Dashboard Page offers an at-a-glance view of the overall app security posture, key metrics and critical detections requiring attention
• App Instance View enables drill-down analysis of individual application instances to identify patterns and focus risk mitigation efforts

“With the surge in mobile app usage and evolving cyber threats, organizations need robust threat intelligence that allows them to prioritize and respond swiftly,” said Tom Powledge, Head of Cybersecurity Business for Verimatrix. “Our enhanced XTD dashboard applies intelligence and automation to translate raw data into actionable information that enables teams to mitigate risks effectively.”

The company has also introduced Verimatrix User Identity Tag, a new XTD feature that associates a unique identifier with each individual app user. This makes it possible to trace compromised app instances back to the account source, empowering more effective threat containment and forensic investigation processes.

“Verimatrix User Identity Tag enhances mobile app security by bridging the gap between detecting compromised app instances and actually tracing them back to the impacted user accounts,” said Dr. Klaus Schenk, SVP Security and Threat Research at Verimatrix. “For regulated enterprises like banks, this capability is game-changing. It transforms a broad ‘potential breach’ scenario into a laser-focused incident response, allowing surgical containment of just the involved accounts. This preserves business continuity and enhances compliance specificity, while providing authoritative evidence trails — something that’s been virtually impossible until now with the disconnected nature of mobile app security.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Verimatrix announced enhancements to XTD Dashboard first appeared on AI-Tech Park.

Checkmarx, the industry leader in cloud-native application security for the enterprise, is stepping up collaboration with DXC Technology (NYSE: DXC), a leading Fortune 500 global technology services company, to offer robust and fully scalable application security (AppSec) programs and services around the world. DXC Technology will now sell and support the Checkmarx One application security platform at its customer sites to enable enterprise-grade, comprehensive protection across the software development life cycle and help them find and fix software vulnerabilities faster.

Together, Checkmarx and DXC Technology have over 5000 experts and a vast ecosystem of partners to design, build, deliver and support holistic application security programs to:

• Protect all applications and application footprints on a single platform that covers the entire software development life cycle (SDLC), from code to cloud
• Reduce cost and risk while improving customer outcomes
• Help organizations take applications to market faster
• Tailor and customize services to match each customer’s needs

“DXC and Checkmarx have built a powerful relationship to significantly reduce risk and ensure faster innovation for enterprise organizations around the world,” said Yigal Elstein, Chief Revenue Officer at Checkmarx. “The enterprise has a critical need to speed and scale business-critical projects without compromising application security, including digital transformation and cloud migration​. Checkmarx and DXC deliver a real solution through Checkmarx One with DXC’s global reach that enables alignment of processes, tools and methodologies across regions and business units.”

Remarked Roger Smith, Global Testing and Digital Assurance Practice Leader at DXC, “I’m excited about the new partnership with Checkmarx and the advanced capabilities of the Checkmarx One platform as an integral part of DXC Application Security on Demand services to proactively integrate security into the development lifecycle through developer-friendly features that accelerate speed to value.“

In addition to selling and supporting Checkmarx One, DXC will provide the following services:

• Application security strategy and consulting​
• Comprehensive application threat analysis
• Project-level optimization to ensure high-fidelity results and priority-based remediation
• Query customization, triage and remediation
• Static, dynamic, API, IaC security testing​
• Open-source software composition analysis​
• Migration​ to Checkmarx One

Purpose-built for enterprise cloud development, Checkmarx One is a highly scalable platform that addresses the need to close application security gaps while speeding time to delivery. The platform integrates into any workflow or tool, delivering security with the speed, scale and flexibility to support the latest development requirements, seamlessly working with all modern frameworks and development infrastructures through webhook integrations, a standard set of APIs or command-line interface. Checkmarx One dramatically improves the end-to-end developer experience of AppSec while expanding the AI-driven security capabilities across the platform, its reporting and analytics capabilities and its software Supply Chain Security solution.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Checkmarx, DXC Technology to Deliver Scalable, Holistic AppSec Globally first appeared on AI-Tech Park.

Backslash Security, a modern application security solution that leverages deep reachability analysis for enterprise AppSec and product security teams, today unveiled expansive new platform capabilities. With a broad roster of new on-premises integrations, security team workflow integrations and automation features, CI/CD integrations, and bolstered language support, Backslash now serves the full software development lifecycle and further supports the application security needs of large enterprises.

“There are two core elements that make AppSec teams successful – one is cutting through the noise to prioritize truly reachable and exploitable vulnerabilities; the other is building confidence with our developers to trust that the risks we flag are real, and worth their effort to investigate and fix,” said Shane Garoutte, Head of Security & Compliance at Capital Rx. “Backslash’s focus on reachability analysis enables us to achieve both, and with the platform’s expanded capabilities, we can also work seamlessly with DevOps to integrate security throughout the software development lifecycle.”

Backslash combines SCA, SAST, SBOM, VEX, and secrets detection to replace outdated legacy SAST and SCA tools with a single, enterprise-ready platform that uncovers the most critical risks through reachability analysis. Newly released enhancements to the Backslash platform include:

Extended support for large enterprise use cases:

• Integrations with Github Enterprise On-Premise, Github Enterprise Server, Gitlab On-Premise and Bitbucket On-Premise enable seamless connection to enterprise on-premises codebases.
• Extended language support adds C, C++, Ruby, Rust and Scala to Backslash’s existing language portfolio to serve diverse technology stacks and secure the entire codebase, including third party libraries and dependencies.
• Role-based access controls enable enterprises to easily manage access to the Backslash platform for large and varied user bases across the organization.

Security team workflow enhancements: New automation policies and actions features enable Backslash users to specify security workflows and automatically create tickets and notifications with the following collaboration platforms: Jira, Monday.com, ServiceNow, Slack and Microsoft Teams.

CI/CD integrations for DevSecOps support: Integrations with Gitlab Pipelines, Github Actions and Azure Pipelines enable DevOps teams to implement DevSecOps processes and prevent new issues from being introduced in the pull request and CI/CD stages.

Reachability analysis enhancements:

• Phantom packages are packages not defined or controlled by the app developer but introduced by a transitive one, escaping the developer’s control and potentially introducing vulnerable versions into the application. Backslash detects these phantom packages in OSS code, even if they are not declared in manifest files.
• Backslash Security’s reachability analysis identifies vulnerable transitive packages, helping developers understand which vulnerabilities are actually in use and therefore exploitable within their codebase, allowing them to prioritize what to fix.
• New UI features bolster reachability evidence by showing code references for each reachable path.

“Backslash enables enterprises to prioritize truly critical code risks and facilitate trust among the many teams and stakeholders within the software development lifecycle,” said Yossi Pik, co-founder and CTO of Backslash Security. “These latest enhancements automate key AppSec tasks, ensure issues are handled according to the correct priorities, and integrate smoothly into organizational workflows, all while strengthening our reachability analysis to provide enterprise security teams with incomparable results.”

Start a free trial with full access to the Backslash platform via a pre-configured demo environment that includes SAST, SCA, phantom packages, VEX, SBOM, secrets, and more, now available at backslash.security/trial.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Backslash Unveils Extensive Enterprise-Grade Capabilities to its AppSec Platform first appeared on AI-Tech Park.

Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, has been named as a Strong Performer in the 2024 Gartner Peer Insights Voice of the Customer for Cloud Web Application and API Protection (WAAP) Report. According to the report, 99% of customers are “willing to recommend” Radware.

Gartner defines cloud WAAP as a category of security solutions “that provide protection from a broad range of runtime attacks. It offers protection from the top 10 web application security risks defined by the Open Web Application Security Project (OWASP) and automated threats, provides API security, and can detect and protect against multiple sophisticated Layer 7 attacks targeted at web applications.” The report also notes “Cloud WAAP’s core features include web application firewall (WAF), bot management, distributed denial of service (DDoS) mitigation, and API protection.”

“It’s a pleasure to be recognized by the customers who we serve,” said Sharon Trachtman, chief marketing officer at Radware. “For us, knowing that 99% of Radware’s customers would recommend our products to peers speaks volumes. Our team of experts work diligently to defend our customers on cybersecurity’s front line each day.”

Below are examples of some customer reviews that contributed to the report and were based on direct experience with Radware and its products:

• “The Radware CWAF team was helpful in getting the protection service operational within 30 minutes and the overall support has also been exceptional. With a local in-country CWAF there was no noticeable latency accessing our web applications.”  Network Architect, Banking
• “The overall experience is great. I like the product very much. Easy to use and manage. Overall, product is superb.” Manager of IT Services, IT Services
• Radware’s “Cloud WAF offers a comprehensive, scalable, and user-friendly solution for safeguarding web applications, making it an excellent choice for organizations looking to enhance their cybersecurity posture.” Network Engineer, Telecommunications
• “Overall, I have nothing but praise for Radware as a security platform provider. They have proven to be reliable, effective, and highly professional in their approach to enterprise security.” Chief Security Officer, Government

“The ‘Voice of the Customer’ is a document that synthesizes Gartner Peer Insights’ reviews into insights for IT decision makers. This aggregated peer perspective, along with the individual detailed reviews, is complementary to Gartner expert research and can play a key role in the buying process, as it focuses on direct peer experiences of implementing and operating a solution.”

Radware was also recently ranked as a Leader and Fast Mover in GigaOm’s 2024 Radar for Application and API Security Report. Radware was the only vendor among the 13 security providers evaluated in GigaOm’s report to earn a top score for AI enhanced vulnerability detection. In addition, Radware was also just named a Product, Innovation, Market and Overall Leader in the 2024 KuppingerCole Leadership Compass Report for Web Application Firewalls (WAF).

Gartner Attribution and Disclaimer
Gartner, Voice of the Customer for Cloud Web Application and API Protection, Peer Contributors, 25 April 2024

Gartner and Peer Insights are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Radware Recognized as Voice of the Customer for Cloud Web Application first appeared on AI-Tech Park.

Security Innovation, a leader in software security assessment and training, today announced it recently received four cybersecurity industry awards and was recognized by advisory firm Datos Insights for its cybersecurity training solutions.

In May, Security Innovation received company recognition with three awards. During RSA 2024, Security Innovation was named a “Hot Cybersecurity Training Company” by Cyber Defense Magazine, the industry’s leading digital information security magazine, at the Global Infosec Awards. Security Innovation also won a Business Intelligence Group 2024 Fortress Cybersecurity Award as a leading cybersecurity training organization. This recognition program honors the industry’s leading individuals, companies and products that are at the forefront of safeguarding data and digital assets.

The company and its CEO Ed Adams each received a 2024 Cybersecurity Excellence Award from Cybersecurity Insiders which reflect outstanding commitment to the core principles of excellence, innovation, and leadership in cybersecurity. Security Innovation was recognized as “Best Cybersecurity Education Provider.” In addition, “See Yourself in Cyber: Security Careers Beyond Hacking,” a book byAdams, a security industry veteran, received the award for “Best Cybersecurity Book.” Published by Wiley earlier this year, the book explores the breadth and depth of careers available in cybersecurity and provides a playbook for how people outside of traditional cybersecurity roles can contribute to their organization’s security.

Security Innovation Named a Leader in the G2 Secure Code Training Report

G2, one of the world’s largest software marketplaces and aggregator of user reviews for business software, named Security Innovation a leader in their G2 Grid® Spring 2024 Report for Secure Code Training.

The Grid® represents the democratic voice of real software users. Scoring is based on verified user reviews and data aggregated from online sources. Users cited depth and breadth of content, coverage across roles and technologies, and ease of deployment in their reviews of Security Innovation training solutions.

CMD+CTRL Cyber Range Positioned as a Contender in Datos Insights Matrix

Datos Insights, a global leader in financial services research, data, advisory, and consulting services, included Security Innovation’s CMD+CTRL Cyber Range as a contender in its first matrix report of Cyber Range Solutions. One of six solutions included in the matrix, Security Innovation was recognized for its best-in-class client service.

Realistic simulations are an increasingly important component of software security training, and Security Innovation’s CMD+CTRL Cyber Range platform is unique in application security specific training. A recent report from Security Innovation and the Ponemon Institute found that 60% of companies now include realistic simulations as part of their cybersecurity training programs compared to 36% in 2020.

Security Innovation offers 11 immersive, hands-on, cyber ranges that vary in difficulty from basic to advanced and train participants how to better protect against the latest cybersecurity threats in a simulated system by having them think like attackers. In addition to the CMD+CTRL Cyber Range, the company’s training solutions combine 250+ interactive modules and 125+ scenario-based labs. More than 300 companies and over one million participants have enhanced their skills with Security Innovation cyber ranges, from Global 100 software companies to mid-size tech companies, to financial services firms and retailers.

“These industry accolades are a testament to the more than two decades our team has dedicated to developing solutions that enable our clients to build a ‘security-first’ culture across their organizations with hands-on training and role-based skills development,” said Adams. “As we move into the era of AI, it is more critical than ever for enterprises to bolster their security defenses with proactive training programs that empower software teams to defend against emerging cybersecurity threats.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Security Innovation Recognized as a Leader in Cybersecurity Training first appeared on AI-Tech Park.

Traditional compliance services often come at high costs, which places a strain on banks and financial institutions that have to process thousands of transactions every day. The team behind ComplyControl recognized this issue and set out to develop a more efficient and affordable alternative. Their efforts resulted in the creation of a robust AI-based system that can conduct compliance checks much more efficiently than existing services.

ComplyControl was founded in early 2023 and has continued to evolve since then by integrating feedback from clients and expanding functionalities according to the stated needs. By leveraging AI-powered solutions, the company can check bank transactions against a variety of sanctions lists to prevent AML- and CTF-related risks.

The system can also offer a comprehensive analysis of transactional data and account behavior. All anomalies and potential risks can be identified in real-time, allowing users to take immediate corrective actions for better risk mitigation.

The value of ComplyControl’s services becomes that much more apparent when considering the ongoing scarcity of proficient compliance specialists. By leveraging AI to reduce the need for extensive manual work, the company provides a way to save a lot on staff costs.

Offering a peek behind the curtain, the company is soon planning to release several innovative features designed to enhance the efficiency of transaction verification and regulatory compliance. Some examples of such features are a visual constructor of transaction screening rules and an AI-based anti-fraud system to better protect financial institutions and their clients.

“At ComplyControl, we are committed to leveraging advanced technologies that meet the dynamic needs of the financial industry. Artificial intelligence is set to bring about a transformative change in this landscape, making it more efficient than ever before. And we intend to be at the forefront of this change, delivering state-of-the-art solutions that our clients need,” – states Roman Eloshvili, Founder of ComplyControl.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post ComplyControl Debuts Compliance With AI-Powered Innovations in UK first appeared on AI-Tech Park.

“Implementing cybersecurity and cyber resiliency in your infrastructure is essential, and leveraging a cutting-edge FPGA-based firmware security solution simplifies the process for developers to enhance protection across applications and systems,” said Eric Sivertson, Vice President of Security Business at Lattice Semiconductor. “We’re honored to receive this prestigious award from the Business Intelligence Group recognizing our continued commitment to enabling our customers to seamlessly integrate robust firmware security and cyber resiliency.”

“The ever-expanding reliance on networks underscores the critical importance of cybersecurity,” said Maria Jimenez, Chief Nominations Officer at Business Intelligence Group. “We are proud to recognize Lattice Semiconductor for shaping the future of data security and defense against ever-evolving threats.”

The Lattice Sentry solution stack helps developers create cyber resilient system control applications compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193) across the Communications, Computing, Industrial, Automotive, and Consumer markets. Lattice solution stacks provide turnkey application-specific solutions that combine reference platforms and designs, demos, IP building blocks, FPGA design tools, and custom design services to accelerate customer application development and time-to-market.

Visit the Lattice Sentry solution stack page to learn more.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Lattice Sentry Wins 2024 Fortress Cyber Security Award first appeared on AI-Tech Park.

Company names Prasad Raman as Head of Strategic Alliances

Cycode, the leader in Application Security Posture Management (ASPM), today launched a first of its kind ASPM marketplace, featuring over 100 connectors and integrations. Cycode now enables customers to seamlessly integrate and ingest findings from relevant third-party security tools, complement and contextualize those findings with native scanners and eliminate gaps within supply chain security. This is a significant milestone that delivers economic optionality for businesses and reinforces Cycode’s position as the industry’s only complete ASPM.

Recent findings from The State of ASPM 2024 report reveal that 77% of CISOs believe software supply chain security is a bigger blind spot for AppSec than Gen AI or open source. It comes as no surprise that Gartner has estimated that by 2026, 40% of security teams will utilize an ASPM tool. Unfortunately, traditional AppSec solutions only provide narrow visibility into the application layer, leading to fragmented monitoring, false positives and siloed application workflows – ultimately creating exploitable gaps in application development.

Cycode’s ASPM marketplace helps customers gain a wider view of their applications and runtime environments by showcasing valuable connectors that are relevant and complementary to their application security workflows. By utilizing the Cycode ConnectorX module and its open, click and connect ASPM capability, customers can ingest third-party security data into Cycode. This allows native scanners to provide additional context and deliver a “trust but verify” approach unmatched by any other ASPM vendor. This unique set of capabilities, in addition to Cycode’s Risk Intelligence Graph (RIG), delivers a step change in the ability of developers and security teams to collaboratively diagnose, resolve and preempt threats in their mission-critical code.

“The launch of our ASPM marketplace is a major leap in building a comprehensive security ecosystem… and we’re proud to be first,” said Seth Robbins, Chief Revenue Officer at Cycode. “Unlike competitors, Cycode’s singular focus on application security and our integrated Risk Intelligence Graph give customers unparalleled precision in their threat prioritization – table stakes for any effective ASPM.”

Enhancing Security Through Strategic Alliances Adds an Unfair Advantage

Cycode is thrilled to welcome Prasad Raman as the new Head of Strategic Alliances. Raman, an industry veteran, will spearhead our business development efforts with technology partners, global systems, integrators and cloud service providers. Prior to Cycode, he led strategic alliances at SecurityScorecard and held product management and corporate strategy roles at IBM.

“I am delighted to join Cycode, especially at this moment, as software is becoming critical to every industry. It has never been more important to help businesses ensure that the code they rely on is secure and minimizes their risk exposure,” said Prasad Raman, Head of Strategic Alliances at Cycode. “Having spent years in the cybersecurity industry, I know the value of deep strategic alliances and the importance of bringing integrated solutions to customers. Cycode is on an exciting trajectory, and I’m thrilled to build a network of alliances helping us deliver the industry’s only Complete ASPM.”

Continued Momentum and Innovation

With its ongoing commitment to the developer community, Cycode recently announced its Cygives initiative. Cygives offers developers free access to industry-leading open source solutions like Bearer SAST, Raven and Cimon.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Cycode launches Industry’s First ASPM Marketplace first appeared on AI-Tech Park.

Ongoing state-sponsored cyber malfeasance, rebounding cryptocurrencies, jailbreaking, and surging use of AI/ML all contributed to the increase in attacks

Digital.ai, an industry-leading technology company helping Global 5000 enterprises automate software delivery through its AI-powered DevSecOps platform, today announced the results of its 2024 Application Security Threat Report, quantifying and emphasizing the pervasive risks to applications that run outside corporate firewalls (“in the wild”.) The results show that the frequency of application attacks is rising as cyber criminals continue to prey on the increasing reliance on web, mobile and desktop apps.

The report examined data about threats identified from monitoring applications under active protection: the likelihood of an app being attacked rose 8% YoY, with gaming apps and financial services apps facing the highest risk of attack at 76% and 67% respectively. The top reasons for the increase in breached applications:

• Tool democratization, like reverse-engineering tools in the hands of hackers
• Increased “jailbreaking” has taken root within the community of hackers
• The surging use of AI/ML increases the productivity of malware developers

“We’re seeing that the appetite for cybercriminals continues to be insatiable,” said Wing To, General Manager of Intelligent DevOps and Security, Digital.ai. “Threat actors are exploiting AI and low-code technologies to attack a growing number of apps—and benefiting from increased precision. Customer-centric enterprises are prioritizing protective measures for the applications their customers rely on daily.”

2024 also saw a significantly sharper uptick in specialized attacks—attacks that violate an application’s integrity through, for example, a malicious change in application code. The likelihood of an app being run with modified code:

• iOS based apps grew from 6% to 20% YoY;
• Android based apps grew from 28% to 63% YoY

Specific to mobile applications, both Android and iPhone attacks are surging; Android apps are more likely to be targeted with environmental attacks (94%) than iPhone apps (70%) due to their Open-Source operating system.

The study found no link between the popularity of an app and frequency of attack.

Survey Methodology

Digital.ai has hundreds of application security customers worldwide who protect over 1 billion instances of applications. The data in this report is anonymized and aggregated global customer data collected over a four-week period from February 1 to February 28, 2024. “Risk,” in this case, is measured from the enterprise creating the application’s perspective. In other words, if 100 enterprises create 100 apps and 58 of those apps experience an attack on one or more instances of that app, the report will state that 58% of apps were under attack.

For more information on Digital.ai, visit Digital.ai. To read the full 2024 report, click here.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Digital.ai 2024 Application Security Threat Report first appeared on AI-Tech Park.